War Stories from 15K Pentests: With Log4shell, Vulnerable ≠ Exploitable

Jun 22, 2023

In Horizon3.ai’s three years of operation, we have conducted more than 15,000 pentests yielding results for our clients and data for our engineers. Join our CEO, Snehal Antani, for stories from the trenches.

This month we’ll take a look at the Log4shell example, and learn about how the distinction between being vulnerable and being exploitable is so important.

During this session we’ll also look at how AI powered Autonomous Pentesting finally gives organizations the ability to pentest themselves at scale to quickly identify their exploitable attack surface.

Clients Want Assessments to Prove Service Efficacy

Jun 5, 2023

Gartner® recently published a report called, Emerging Tech: Grow Your Security Service Revenue with Cybersecurity Validations. We believe the report provides research from a buyer’s perspective on security services they purchase while offering guidance to MSPs and MSSPs on how to improve retention and upsell rates of the critical services they provide. So, what has Gartner discovered, and what do they recommend?

NextGen Mirth Connect Remote Code Execution Vulnerability (CVE-2023-43208)

Mirth Connect, by NextGen HealthCare, is an open source data integration platform widely used by healthcare companies. Versions prior to 4.4.1 are vulnerable to an unauthenticated remote code execution vulnerability, CVE-2023-43208. If you’re a user of Mirth Connect, you’ll want to upgrade to the latest patch release, 4.4.1, as of this writing.

War Stories from 15K Pentests: With Log4shell, Vulnerable ≠ Exploitable

Jun 22, 2023

This month we’ll take a look at the Log4shell example, and learn about how the distinction between being vulnerable and being exploitable is so important.

Clients Want Assessments to Prove Service Efficacy

Jun 5, 2023

NextGen Mirth Connect Remote Code Execution Vulnerability (CVE-2023-43208)

Contact Horizon3.ai

Horizon3.ai’s mission is to help you find and fix attack vectors before attackers can exploit them. Contact us now for a quote or if you have any questions.

Not into forms? We’d still love to hear from you.

General Information | info@horizon3.ai

Human Resources | hr@horizon3.ai

Public Relations | press@horizon3.ai

650-445-4457

Looking for More Horizon3.ai Content?

→

Red Team Blog

CVE-2023-48788: Fortinet FortiClient EMS SQL Injection Deep Dive

by James Horseman | Mar 21, 2024 | Attack Blogs

Introduction In a recent PSIRT, Fortinet acknowledged CVE-2023-48788 - a SQL injection in FortiClient EMS that can lead to remote code execution. FortiClient EMS is an endpoint management solution for enterprises that provides a central location for administering...

« Older Entries

Next Entries »

Customer Success Blog

NodeZero: Testing for Exploitability of Palo Alto Networks CVE-2024-3400

by Stephen Gates | Apr 25, 2024 | Blogs

On April 12 (and then updated again on April 20), Palo Alto Networks released an advisory about a vulnerability in the PAN-OS® software that runs Palo Alto Networks® Next-Generation Firewalls (NGFWs).