Horizon3.ai

Attack Research


ManageEngine CVE-2022-47966 Technical Deep Dive

On January 10, 2023, ManageEngine released a security advisory for CVE-2022-47966 (discovered by Khoadha of Viettel Cyber Security) affecting a wide range of products. The vulnerability allows an attacker to gain remote code execution by issuing an HTTP POST request containing a malicious SAML response. This vulnerability is a result of using an outdated version of Apache Santuario for...

ManageEngine CVE-2022-47966 IOCs

The recent ManageEngine CVE-2022-47966 is a pre-authentication remote code execution vulnerability. Depending on the specific ManageEngine product, this vulnerability is exploitable if SAML single-sign-on is enabled or has ever been enabled. ManageEngine products are some of the most widely used across enterprises and perform business functions such as authentication, authorization, and identity management. Given the nature of these products, a vulnerability...

Metrics That Matter: An Attacker’s Perspective on Assessing Password Policy

After compromising a Windows domain controller, one of the actions that NodeZero, our autonomous pentest product, performs is dumping all domain user password hashes from the Active Directory database. This is a common attacker technique, and the resulting dump is highly valuable to attackers. But did you know that this data is a great source of insight for defenders too?

OpenSSL Critical Vulnerability: Should You Be Spooked?

On Tuesday, October 25, a new OpenSSL hot-fix release was announced that will patch a critical vulnerability in the v3.0.X branch. OpenSSL 3.0.7 will be released on Tuesday, November 1, and in tandem the details of the vulnerability and its associated CVE will be made public. OpenSSL is an open source project that provides easy-to-use cryptographic...

FortiOS, FortiProxy, and FortiSwitchManager Authentication Bypass IOCs (CVE-2022-40684)

The recent FortiOS / FortiProxy / FortiSwitchManager CVE has reportedly been exploited in the wild. We would like to provide additional insight into the vulnerability so users can begin to determine if they have been compromised. In this post we discuss enabling logging and IOCs for FortiOS 7.2.1. These steps will likely work on other vulnerable products; however, we...
