Horizon3.ai
Horizon3.ai

Attack Blogs

Filters

Tags
Reset

Showing 37–42 of 56 results

VMware vRealize Log Insight VMSA-2023-0001 Technical Deep Dive

January 31, 2023 |

Introduction The recent VMware VMSA describes four new CVEs affecting VMware vRealize Log Insight, reported by ZDI. Three of these CVEs can be combined to give an attacker remote code execution as root. This vulnerability is exploitable in the default configuration for VMware vRealize Log Insight. We have successfully reproduced this exploit and would like to provide the technical details...
Read More

VMware vRealize Log Insight VMSA-2023-0001 IOCs

January 27, 2023 |

Introduction The recent VMware VMSA describes four new CVEs affecting VMware vRealize Log Insight. Three of these CVEs can be combined to give an attacker remote code execution as root. This vulnerability is exploitable in the default configuration for VMware vRealize Log Insight. CVE-2022-31704: VMware vRealize Log Insight broken access control Vulnerability CVE-2022-31711: VMware vRealize Log Insight contains an Information...
Read More

ManageEngine CVE-2022-47966 Technical Deep Dive

January 19, 2023 |

Introduction On January 10, 2023, ManageEngine released a security advisory for CVE-2022-47966 (discovered by Khoadha of Viettel Cyber Security) affecting a wide range of products. The vulnerability allows an attacker to gain remote code execution by issuing a HTTP POST request containing a malicious SAML response. This vulnerability is a result of  using an outdated version of Apache Santuario for...
Read More
ManageEngine, CVE-2022-47966 IOCs

ManageEngine CVE-2022-47966 IOCs

January 13, 2023 |

Introduction The recent ManageEngine CVE-2022-47966 is a pre-authentication remote code execution vulnerability. Depending on the specific ManageEngine product, this vulnerability is exploitable if SAML single-sign-on is enabled or has ever been enabled. ManageEngine products are some of the most widely used across enterprises and perform business functions such as authentication, authorization, and identity management. Given the nature of these products, a vulnerability...
Read More
keys neatly aligned in rows

Metrics That Matter: An Attacker’s Perspective on Assessing Password Policy

December 1, 2022 |

After compromising a Windows domain controller, one of the actions that NodeZero, our autonomous pentest product, performs is dumping all domain user password hashes from the Active Directory database. This is a common attacker technique, and the resulting dump is highly valuable to attackers. But did you know that this data is a great source of insight for defenders too?
Read More

OpenSSL Critical Vulnerability: Should You Be Spooked?

October 26, 2022 |

On Tuesday, October 25 a new OpenSSL hot-fix release was announced which will patch a critical vulnerability that exists within the v3.0.X branch. OpenSSL 3.0.7 will be released on Tuesday, November 1 and in tandem the details of the vulnerability and its associated CVE will be made public. OpenSSL is an open source project that provides easy to use cryptographic...
Read More

How can NodeZero help you?

Let our experts walk you through a demonstration of NodeZero, so you can see how to put it to work for your company.

Schedule a Demo