Research Blog
Welcome to our cybersecurity research blog where we uncover how malicious actors exploit weaknesses in systems, while going beyond the technical aspects and examining real-world perspectives across various industries.
Here you’ll find extensive research and insight from the well-known Horizon3.ai attack team, intuitive perspectives on everything security, and real-world attack path short stories that come directly from discoveries made by NodeZero.
Filters
Showing 97–102 of 161 results
Horizon3.ai Breaks Down Fortinet Vulnerability
Horizon3.ai Breaks Down Fortinet Vulnerability Zach Hanley, Horizon3.ai Chief Attack Engineer, and James Horseman, Exploit Developer, join John Furrier of theCUBE to discuss Fortinet CVE 2022 40864.
Read More Secure Your Fortinet Appliances Across On-Prem, Cloud, and Hybrid Networks at Scale
Learn how to use NodeZero from Horizon3.ai to secure your Fortinet appliances across on-prem, cloud, and hybrid networks at scale.
Read More FortiOS, FortiProxy, and FortiSwitchManager Authentication Bypass Technical Deep Dive (CVE-2022-40684)
Fortinet recently patched a critical authentication bypass vulnerability in their FortiOS, FortiProxy, and FortiProxySwitchManager projects (CVE-2022-40684). This vulnerability gives an attacker the ability to login as an administrator on the effected system. To demonstrate the vulnerability in this writeup, we will be using FortiOS version 7.2.1
Read More What is Zero Trust – and How NodeZero Can Help
Zero Trust. Everyone’s talking about it, but what does it truly mean, and how can you prove that your organization is using a Zero Trust model effectively?
Read More Putting Your Security to the Test with NodeZero
Putting Your Security to the Test with NodeZero with Anthony Pillitiere and Clayton Dillard / CEO Legion Cyberworks.
Read More FortiOS, FortiProxy, and FortiSwitchManager Authentication Bypass IOCs (CVE-2022-40684)
Introduction The recent FortiOS / FortiProxy / FortiSwitchManager CVE has been reportedly exploited in the wild. We would like to provide additional insight into the vulnerability so users can begin to determine if they have been compromised. In this post we discuss enabling logging and IOCs for FortiOS 7.2.1. These steps will likely work on other vulnerable products, however we...
Read More