Attack Research
Filter Content:
Categories:
Tags:
December 10, 2021 | Attack Blogs
Understanding Log4Shell: the Apache log4j2 Remote Code Execution Vulnerability (CVE-2021-44228)
December 6, 2021 | Attack Paths
I exploited the Mirai machine from Hack The Box using the same technique used by the infamous Mirai malware.November 9, 2021 | Disclosures
During our assessment of the ResourceSpace code base, we found three new vulnerabilities that could be exploited by an unauthenticated…
October 18, 2021 | Attack Blogs
We wanted to do something a little bit different with this post. Our vulnerability disclosures, exploit proof-of-concepts, and attack analysis…
October 4, 2021 | Attack Blogs
Overview A common attack path that Horizon3 has identified across many of its customers is abusing access to the VMware…
September 16, 2021 | Attack Blogs
Overview On September 14, multiple vulnerabilities were discovered by researchers at Wiz.io. The most critical of them being CVE-2021-38647, now dubbed…
September 16, 2021 | Attack Paths
The Jerry machine from the Hack The Box platform nicely illustrates the danger of weak and default credentials.
September 13, 2021 | Attack Blogs
On August 25, 2021, Atlassian released a security advisory for CVE-2021-26084, an OGNL injection vulnerability found within a component of Confluence Server…
September 5, 2021 | Attack Paths
After my last walkthrough of a machine named Blue on the Hack The Box platform, I received some flak from…
September 4, 2021 | Attack Blogs
In August, Orange Tsai released details and also spoke at BlackHat and DEFCON detailing his security research into Microsoft Exchange. His latest blog post…