Research Blog
Welcome to our cybersecurity research blog where we uncover how malicious actors exploit weaknesses in systems, while going beyond the technical aspects and examining real-world perspectives across various industries.
Here you’ll find extensive research and insight from the well-known Horizon3.ai attack team, intuitive perspectives on everything security, and real-world attack path short stories that come directly from discoveries made by NodeZero.
Filters
Showing 145–150 of 158 results
Compromising vCenter via SAML Certificates
Overview A common attack path that Horizon3 has identified across many of its customers is abusing access to the VMware vCenter Identity Provider (IdP) certificate. Security Assertion Markup Language (SAML) has proved to be a hotbed of vulnerabilities within the last year, as well as a target of many cybercrime syndicates and APTs. In the SolarWinds attack, the attackers also...
Read More 
OMIGOD – RCE Vulnerability in Multiple Azure Linux Deployments
Overview On September 14, multiple vulnerabilities were discovered by researchers at Wiz.io. The most critical of them being CVE-2021-38647, now dubbed OMIGOD, which effects the Open Management Infrastructure (OMI) agent in versions 1.6.8.0 and below. Azure customers effected by this vulnerability are still vulnerable and must take manual action to ensure the OMI agent is updated. For Debian systems (e.g., Ubuntu):...
Read More 
Confluence Server OGNL Injection: CVE-2021-26084
On August 25, 2021, Atlassian released a security advisory for CVE-2021-26084, an OGNL injection vulnerability found within a component of Confluence Server and Data Center. This critical vulnerability allows an unauthenticated attacker to execute arbitrary commands on the server. A few days later, on August 31, security researchers @iamnoob and @rootxharsh quickly developed a working proof of concept given the vulnerability details and by reverse engineering....
Read More 
ProxyShell: More Ways for More Shells
In August, Orange Tsai released details and also spoke at BlackHat and DEFCON detailing his security research into Microsoft Exchange. His latest blog post details a series of vulnerabilities dubbed ProxyShell. ProxyShell is a chain of three vulnerabilities: CVE-2021-34473 – Pre-auth Path Confusion leads to ACL Bypass CVE-2021-34523 – Elevation of Privilege on Exchange PowerShell Backend CVE-2021-31207 – Post-auth Arbitrary-File-Write leads to RCE The research detailed a...
Read More 
Product Updates from our CTO
The engineering team has been working tirelessly to improve the “what to wow” user experience, add more attack content, add indicators of best practices and improve analytical insights. Improving our “what to wow” user experience – In security, there are two types of findings: critical problems that require you skip lunch, or cancel plans with your family, to urgently fix...
Read More 
Be Open to Be Wow’d
Being a #learnitall, Lesson 1: Be Open to Be Wow’d Most of the startup advice out there is pretty clear: get feedback early and often. Customer input is invaluable to delivering iter0, your MVP, feature releases that matter, bug fixes, utility and simplicity. In Customer Success, a lot of the job is review and advise so a customer can hit their...
Read More