Attack Research

Filters

Showing 31–36 of 76 results

CVE-2023-20198,Cisco IOS XE Web UI Vulnerability

Cisco IOS XE Web UI Vulnerability: A Glimpse into CVE-2023-20198

October 19, 2023 | Attack Blogs

On Monday, 16 October, Cisco reported a critical zero-day vulnerability in the web UI feature of its IOS XE software actively being exploited by threat actors to install Remote Access Tools (RATs) and backdoor vulnerable devices exposed on the internet.

Apache Superset Part II: RCE, Credential Harvesting and More

September 6, 2023 | Attack Blogs, Disclosures

Apache Superset is a popular open source data exploration and visualization tool. In a previous post, we disclosed a vulnerability, CVE-2023-27524, affecting thousands of Superset servers on the Internet, that enables unauthorized attackers to gain admin access to these servers. We also alluded to methods that an attacker, logged in as an admin, could use to harvest credentials and execute...

Ivanti Sentry Authentication Bypass CVE-2023-38035 Deep Dive

August 24, 2023 | Attack Blogs

Introduction Ivanti has recently published an advisory for CVE-2023-38035. The vulnerability has been added to CISA KEV and is described as an authentication bypass in the Ivanti Sentry administrator interface. This new vulnerability comes on the heels of an in-the-wild-exploited vulnerability in Ivanti EPMM (CVE-2023-35078). In this post we will take a deep dive into how this new vulnerability can...

Lexmark Command Injection Vulnerability ZDI-CAN-19470 Pwn2Own Toronto 2022

August 10, 2023 | Attack Blogs

Introduction In December 2022, we competed at our first pwn2own. We were able to successfully exploit the Lexmark MC3224i using a command injection 0-day. This post will detail the process we used to discover, weaponize, and have some fun with this vulnerability. You can find our POC here. Printer Acquisition It was rather difficult to acquire the Lexmark MC3224adwe. So...