Resource Center

Join us in side-saddling on an attacker’s journey with Noah King to become an ethical hacker!

Which is more valuable to you; the ability to identify a problem, or the ability to solve the problem? There is a plethora of vulnerability scanning tools that do a decent job identifying vulnerabilities. Unfortunately, those tools rarely discern the possible from the exploitable.

On January 28, 2022, CEO and Co-founder Snehal Antani sat down with host David Raviv of NY Information Security Meetup for an insightful fireside chat. They discussed Snehal’s career as former CTO of Splunk and JSOC, his inspiration for starting Horizon3, and his outlook on the future of cyber warfare.
Learn about:
– Employing a defense strategy w/ multiple layers
– Identifying weaknesses in your defenses and systems prior to a breach,
– And adopting a continuous and proactive cycle where you find – fix – verify

Log4Shell is a “once-in-a-decade” type of vulnerability that will linger in environments for years to come. For a vulnerability with such a broad, lasting impact, it’s important to establish a principled and disciplined approach for discovering and remediating it. NodeZero both detects and exploits Log4Shell, surfacing a wealth of information that can be used to understand its real impact and prioritize its remediation.

Understanding Log4Shell: the Apache log4j2 Remote Code Execution Vulnerability (CVE-2021-44228)

Join us in side-saddling on an attacker’s journey with Noah King to become an ethical hacker!

Understanding Log4Shell: the Apache log4j2 Remote Code Execution Vulnerability (CVE-2021-44228)

Attackers don’t need to hack in – they log in. This is why we believe Credentials are the new RCE.

Businesswire 02/02/2023 Horizon3.ai, a leading cybersecurity firm focused on autonomous penetration testing, today issued, “Year in Review 2022: Through the Eyes of the Attacker,” its inaugural edition of the cybersecurity threatscape. Read the entire article here

Introduction The recent VMware VMSA describes four new CVEs affecting VMware vRealize Log Insight, reported by ZDI. Three of these CVEs can be combined to give an attacker remote code execution as root. This vulnerability is exploitable in the default configuration for VMware vRealize Log Insight. We have successfully reproduced this exploit and would like to provide the technical details...

Introduction The recent VMware VMSA describes four new CVEs affecting VMware vRealize Log Insight. Three of these CVEs can be combined to give an attacker remote code execution as root. This vulnerability is exploitable in the default configuration for VMware vRealize Log Insight. CVE-2022-31704: VMware vRealize Log Insight broken access control Vulnerability CVE-2022-31711: VMware vRealize Log Insight contains an Information...

Introduction On January 10, 2023, ManageEngine released a security advisory for CVE-2022-47966 (discovered by Khoadha of Viettel Cyber Security) affecting a wide range of products. The vulnerability allows an attacker to gain remote code execution by issuing a HTTP POST request containing a malicious SAML response. This vulnerability is a result of using an outdated version of Apache Santuario for...

Introduction The recent ManageEngine CVE-2022-47966 is a pre-authentication remote code execution vulnerability. Depending on the specific ManageEngine product, this vulnerability is exploitable if SAML single-sign-on is enabled or has ever been enabled. ManageEngine products are some of the most widely used across enterprises and perform business functions such as authentication, authorization, and identity management. Given the nature of these products, a vulnerability...

Security Strategies

Industry Insights

Attack Research

No Results Found

Attack Content

No Results Found

No Results Found

No Results Found

Security Strategies

Industry Insights

Attack Research

No Results Found

Attack Content

No Results Found

No Results Found

No Results Found

Resource Center

Filters