Resource Center

Welcome to our cybersecurity resource center where we uncover how malicious actors exploit weaknesses in systems, while going beyond the technical aspects and examining real-world perspectives across various industries.

    Hack The Box – Mirai

    December 6, 2021
    NodeZero compromised HTB’s Mirai machine by using default SSH creds for user pi, then escalated to root via unrestricted sudo access—gaining full control.

    The Purple Pivot

    November 18, 2021
    This Red vs. Blue approach to cybersecurity is unsustainable, and often does more harm than good. The goal should be Red AND Blue, working together.

    Multiple Vulnerabilities in ResourceSpace

    November 9, 2021
    During our assessment of the ResourceSpace code base, we found three new vulnerabilities that could be exploited by an unauthenticated attacker. The most critical is CVE-2021-41765, a pre-auth SQL injection that an attacker can abuse to gain remote code execution (RCE) privileges on the ResourceSpace server.

    Credential Misconfigurations

    October 25, 2021
    Are your credential policies implemented right? Are your enterprise accounts configured correctly? How do you know? Most phishing, ransomware, and credential attacks start by gaining access to a host and compromising a domain user (Credential Attacks – Horizon3.ai). With a credential in hand, an attacker can persist and pervade, appearing like a legitimate user and…

    Apache CVE-2021-41773, CVE-2021-42013

    October 18, 2021
    We wanted to do something a little bit different with this post. Our vulnerability disclosures, exploit proof-of-concepts, and attack analysis blog posts have been awesome, but they have been catering to an offensive security audience.

    Exposed & Exploited

    October 16, 2021
    While so many are focused on vulnerabilities and malware on endpoints, understanding the attack paths an attacker would exploit to hold your business and brand at risk is key.
    Whitepaper: Exposed and Exploited

    Compromising vCenter via SAML Certificates

    October 4, 2021
    Overview: A common attack path that Horizon3 has identified across many of its customers is abusing access to the VMware vCenter Identity Provider (IdP) certificate. Security Assertion Markup Language (SAML) has proved to be a hotbed of vulnerabilities within the last year, as well as a target of many cybercrime syndicates and APTs. In the…

    Vulnerable ≠ Exploitable

    September 19, 2021
    The hardest part of cyber security is deciding what NOT to do. Being vulnerable doesn’t mean you’re exploitable.

    OMIGOD – RCE Vulnerability in Multiple Azure Linux Deployments

    September 16, 2021
    Overview: On September 14, multiple vulnerabilities were discovered by researchers at Wiz.io. The most critical of them is CVE-2021-38647, now dubbed OMIGOD, which affects the Open Management Infrastructure (OMI) agent in versions 1.6.8.0 and below. Azure customers affected by this vulnerability are still vulnerable and must take manual action to ensure the OMI agent is updated.…