Categories
Vulnerabilities
All you need to know about the latest vulnerabilities or other security threats with technical details and actionable recommendations from our research team.
The most exploited vulnerabilities in 2022
Offensive security is a fast-moving space, yet some security vulnerabilities persist for years, causing problem after problem. 2023 being no exception, you can spare yourself from repetitive work by learning to find and mitigate these top 10 CVEs.
Thinking outside the box: 3 creative ways to exploit business logic vulnerabilities in pentests
These flaws are particularly dangerous because attackers exploit behavioral patterns by interacting with apps in different ways than intended. When exploited successfully, they cause serious disruption, including business processes impact and reputational damage.
Phishing a company through a 7-Zip misconfiguration
Reading about phishing can sometimes feel tedious, as many articles simply rehash the same old scenarios and prevention strategies without diving into technical details or offering anything fresh. But don't worry, we've got you covered!
Everything you need to know about the new OpenSSL vulnerabilities (CVE-2022-3602 & CVE-2022-3786)
Before securing systems, we need to understand what we’re trying to secure and how to do it. Today we are exploring two new vulnerabilities that got the community's attention this month. Most importantly you will learn how to patch them and how impactful they are.
Authenticated Magento RCE with deserialized PHAR files
Back in August 2019, I reported a security vulnerability in Magento affecting versions 2.3.2, 2.3.3, and 2.3.4 using the HackerOne bug bounty platform. The bug impacted some installations of Magento and it allowed us to gain Remote Code Execution based on the way PHAR files are deserialized and by abusing Magento’s Protocol Directives.
How to exploit the HTTP.sys Remote Code Execution vulnerability (CVE-2022-21907)
Pattern recognition is what hundreds of security specialists in our community voted as the skill to cultivate for a rewarding infosec career. While we have some innate pattern recognition abilities, developing them is essential – and that’s a matter of practice. Working in offensive security gives you plenty of opportunities to do this, with new vulnerabilities ripe for close examination. So let’s go ahead and do just that while discovering how this CVE carries echoes from another vulnerability from a while back.
How to exploit the VMware vCenter RCE with Pentest-Tools.com (CVE-2021-21985)
More high-risk vulnerabilities mean more work for you. The good news? You won’t be out of work anytime soon. The bad news? You’ll probably work a lot more than you anticipate. So how do you balance the good and the not-so-great? By having a replicable process for when a high-risk CVE that leads to RCE hits your targets (the likes of CVE-2021-21985).
How we detect and exploit Log4Shell to help you find targets using vulnerable Log4j versions
We’re breaking down our technique for detecting CVE-2021-44228 (Log4Shell) because we believe our users should understand what’s happening behind the scanners so they can avoid a false sense of security.
Detect and exploit Gitlab CE/EE RCE with Pentest-Tools.com (CVE-2021-22205)
“Just patch it!” is the usual advice when a vulnerability hits (and it’s not a zero-day). But it’s never that simple in organizations that have to manage layers upon layers of infrastructure. When you have to deal with a critical CVE like the latest unauthenticated RCE in Gitlab (CVSSv3 10.0), the tangled, messy process of patching bubbles to the surface.
How to attack F5 BIG-IP using CVE-2020-5902 (TMUI RCE)
Let’s tackle a vulnerability that broke out not only in BIG-IP firewalls but also on social media! When a major issue affecting a security product emerges, it immediately makes the headlines, the paradox of the situation impossible to ignore.