Attack Research
Ivanti Sentry Authentication Bypass CVE-2023-38035 Deep Dive
August 24, 2023
Introduction: Ivanti has recently published an advisory for CVE-2023-38035. The vulnerability has been added to CISA KEV and is described as an authentication bypass in the Ivanti Sentry administrator interface. This new vulnerability comes on the heels of an in-the-wild-exploited vulnerability in Ivanti EPMM (CVE-2023-35078). In this post we will take a deep dive into…
Lexmark Command Injection Vulnerability ZDI-CAN-19470 Pwn2Own Toronto 2022
August 10, 2023
Introduction: In December 2022, we competed at our first Pwn2Own. We were able to successfully exploit the Lexmark MC3224i using a command injection 0-day. This post will detail the process we used to discover, weaponize, and have some fun with this vulnerability. You can find our POC here. Printer Acquisition: It was rather difficult to…
NodeZero Pivots Through Your Network with the Attacker’s Perspective
August 7, 2023
A NodeZero autonomous attack that leveraged two weaknesses to achieve domain compromise in 33 minutes, 9 seconds.
Privileged Credentials Often Bite Back
August 7, 2023
Active Directory Analytics Solution Enables Domain Compromise
CVE-2023-39143: PaperCut Path Traversal/File Upload RCE Vulnerability
August 4, 2023
Summary: CVE-2023-39143 is a critical vulnerability we disclosed to PaperCut that affects the widely used PaperCut NG/MF print management software. It affects PaperCut NG/MF running on Windows, prior to version 22.1.3. If you are a user of PaperCut on Windows, and have it exposed to the Internet, we recommend you check out the July 2023…
Low-Level Credentials Can Get Big Gains
July 26, 2023
Combining Compromised Credentials Enables Domain Takeover
Veeam CVE Leads to Full Compromise
July 26, 2023
Low-Level Vulnerability Leads to Domain Compromise
You Can’t Manage Risk if You Lack Context
June 29, 2023
Low-Level Vulnerability Leads to Domain Compromise
MOVEit Transfer CVE-2023-34362 Deep Dive and Indicators of Compromise
June 9, 2023
On May 31, 2023, Progress released a security advisory for their MOVEit Transfer application which detailed a SQL injection leading to remote code execution and urged customers to update to the latest version. The vulnerability, CVE-2023-34362, at the time of release was believed to have been exploited in-the-wild as a 0-day dating back at least…
CVE-2023-27524: Insecure Default Configuration in Apache Superset Leads to Remote Code Execution
April 25, 2023
Apache Superset is an open source data visualization and exploration tool. It has over 50K stars on GitHub, and there are more than 3000 instances of it exposed to the Internet. In our research, we found that a substantial portion of these servers - at least 2000 (two-thirds of all servers) - are running with…