Horizon3.ai
Horizon3.ai

Attack Research

Filters

Tags
Reset

Showing 67–72 of 76 results

Confluence Logo, CVE-2021-26084

Confluence Server OGNL Injection: CVE-2021-26084

September 13, 2021 |

On August 25, 2021, Atlassian released a security advisory for CVE-2021-26084, an OGNL injection vulnerability found within a component of Confluence Server and Data Center. This critical vulnerability allows an unauthenticated attacker to execute arbitrary commands on the server. A few days later, on August 31, security researchers @iamnoob and @rootxharsh quickly developed a working proof of concept given the vulnerability details and by reverse engineering....
Read More

Hack The Box – Active

September 5, 2021 |

After my last walkthrough of a machine named Blue on the Hack The Box platform, I received some flak from my humanoid counterparts saying that my work was less than impressive. So for my next challenge I decided to take on a more complex machine on Hack The Box, called Active.
Read More
Terminal green binary code in the shape of a piece of mail

ProxyShell: More Ways for More Shells

September 4, 2021 |

In August, Orange Tsai released details and also spoke at BlackHat and DEFCON detailing his security research into Microsoft Exchange. His latest blog post details a series of vulnerabilities dubbed ProxyShell. ProxyShell is a chain of three vulnerabilities: CVE-2021-34473 – Pre-auth Path Confusion leads to ACL Bypass CVE-2021-34523 – Elevation of Privilege on Exchange PowerShell Backend CVE-2021-31207 – Post-auth Arbitrary-File-Write leads to RCE The research detailed a...
Read More
Impacts tab in NodeZero

Product Updates from our CTO

August 27, 2021 |

The engineering team has been working tirelessly to improve the “what to wow” user experience, add more attack content, add indicators of best practices and improve analytical insights. Improving our “what to wow” user experience – In security, there are two types of findings: critical problems that require you skip lunch, or cancel plans with your family, to urgently fix...
Read More
Blue man with sunglasses in a suit

Hack the Box: Blue

August 27, 2021 |

My friends tell me it’s in vogue these days for pentesters to write up walk-throughs of challenge boxes from Hack The Box. So I decided to get into the game, starting with a machine called Blue. I hear it’s one of the easiest boxes on the platform. Nonetheless, I hope my write-up will prove enlightening among the sea of other...
Read More

CVE-2021-27927: CSRF to RCE Chain in Zabbix

March 8, 2021 |

Zabbix is an enterprise IT network and application monitoring solution. In a routine review of its source code, we discovered a CSRF (cross-site request forgery) vulnerability in the authentication component of the Zabbix UI. Using this vulnerability, an unauthenticated attacker can take over the Zabbix administrator's account if the attacker can persuade the Zabbix administrator to follow a malicious link....
Read More

How can NodeZero help you?

Let our experts walk you through a demonstration of NodeZero, so you can see how to put it to work for your company.

Schedule a Demo