Security Practitioner

Introduction Ivanti has recently published an advisory for CVE-2023-38035. The vulnerability has been added to CISA KEV and is described as an authentication bypass in the Ivanti Sentry administrator interface. This new vulnerability comes on the heels of an in-the-wild-exploited vulnerability in Ivanti EPMM (CVE-2023-35078). In this post we will take a deep dive into…

Horizon3.ai CEO Snehal Antani discuss several real-world examples of what autonomous pentesting discovered in networks just like yours. You’ll hear more about how fast and easy it was to safely compromise some of the biggest (and smallest) networks in the world - with full domain takeover in a little more than a few hours. Learn…

Introduction In December 2022, we competed at our first pwn2own. We were able to successfully exploit the Lexmark MC3224i using a command injection 0-day. This post will detail the process we used to discover, weaponize, and have some fun with this vulnerability. You can find our POC here. Printer Acquisition It was rather difficult to…

Summary CVE-2023-39143 is a critical vulnerability we disclosed to PaperCut that affects the widely used PaperCut NG/MF print management software. It affects PaperCut NG/MF running on Windows, prior to version 22.1.3. If you are a user of PaperCut on Windows, and have it exposed to the Internet, we recommend you check out the July 2023…

Art Ocain, Field CISO at Airiam, and Naveen Sunkavally, Chief Architect at Horizon3.ai join forces in this webinar, where you will gain an in-depth understanding of threat actors and their tactics through a LIVE attack simulation.

In Horizon3.ai's three years of operation, we have conducted more than 15,000 pentests yielding results for our clients and data for our engineers. Join our CEO, Snehal Antani, for stories from the trenches. This month we'll take a look at the Log4shell example, and learn about how the distinction between being vulnerable and being exploitable…

On May 31, 2023, Progress released a security advisory for their MOVEit Transfer application which detailed a SQL injection leading to remote code execution and urged customers to update to the latest version. The vulnerability, CVE-2023-34362, at the time of release was believed to have been exploited in-the-wild as a 0-day dating back at least…

Hear directly from Zach Hanley, one of Horizon3.ai's founding engineers as he walks you through a recent critical vulnerability case study. He is joined on this session by Scott Friedman, one of our Sales Engineers.

Hear directly from two of Horizon3.ai's founding engineers - Naveen Sunkavally, Chief Architect, and Rob Alderman, Data Architect - as they walk you through an exclusive tour of NodeZero's latest product refresh.

Apache Superset is an open source data visualization and exploration tool. It has over 50K stars on GitHub, and there are more than 3000 instances of it exposed to the Internet. In our research, we found that a substantial portion of these servers - at least 2000 (two-thirds of all servers) - are running with…