Attack Research
May 28, 2024 | Attack Blogs, Disclosures
In November of 2023, preparing for a call for papers, I attempted to investigate the FortiSIEM patch for CVE-2023-34992. I…

May 20, 2024 | Attack Paths
As enterprises continue to transition on-premises infrastructure and information systems to the cloud, hybrid cloud systems have emerged as a…

May 20, 2024 | Attack Blogs, Disclosures
In early 2023, given some early success in auditing Fortinet appliances, I continued the effort and landed upon the Fortinet…

March 21, 2024 | Attack Blogs
Introduction In a recent PSIRT, Fortinet acknowledged CVE-2023-48788 - a SQL injection in FortiClient EMS that can lead to remote…

March 14, 2024 | Attack Blogs, Disclosures
Early in 2023, soon after reproducing a remote code execution vulnerability for the Fortinet FortiNAC, I was on the hunt…

March 11, 2024 | Attack Blogs, Disclosures
NextChat a.k.a ChatGPT-Next-Web, a popular Gen AI ChatBot, is vulnerable to a critical server-side request forgery (SSRF) vulnerability.

March 6, 2024 | Attack Blogs
On February 27, 2024, Progress released a security advisory for OpenEdge, their application development and deployment platform suite. The advisory…

February 21, 2024 | Attack Blogs
Introduction On February 19, 2023, ConnectWise published a security advisory for their ScreenConnect remote management tool. In the advisory, they describe…

February 6, 2024 | Attack Blogs
Introduction Memory safety issues have plagued the software industry for decades. The Cybersecurity & Infrastructure Security Agency (CISA) has been…