Spinning Webs — Unveiling Arachne for Web Shell C2

mythic, Red Team, research, security
What is a web shell? A web shell is a payload that allows continued access to a remote system, just like other “shells” we refer to in computer security ...
CVE-2024-23897: Assessing the Impact of the Jenkins Arbitrary File Leak Vulnerability

Blog, Red Team
The post CVE-2024-23897: Assessing the Impact of the Jenkins Arbitrary File Leak Vulnerability appeared first on Horizon3.ai ...
CVE-2024-0204: Fortra GoAnywhere MFT Authentication Bypass Deep-Dive

Blog, Red Team
On January 22, 2024 Fortra posted a security advisory for their GoAnywhere MFT product. This advisory details an authentication bypass vulnerability, CVE-2024-0204, that allows an unauthenticated attacker to create an […] The ...
Beyond Breach: The Aftermath of a Cyberattack

Cyberattacks are no longer an occasional headline; they’ve become a grim reality. In 2023 alone, a staggering 236.1 million ransomware attacks occurred globally in just the first half of the year, according ...
Calling Home, Get Your Callbacks Through RBI

Authored By: Lance B. Cain and Alexander DeMine. Overview: Remote Browser Isolation (RBI) is a security technology which has been gaining popularity for large businesses securing their enterprise networks in recent years. This blog ...
Writeup for CVE-2023-43208: NextGen Mirth Connect Pre-Auth RCE

Blog, Disclosures, Red Team
Mirth Connect, by NextGen HealthCare, is an open source data integration platform widely used by healthcare companies. Versions prior to 4.4.1 are vulnerable to an unauthenticated remote code execution vulnerability, CVE-2023-43208. If ...
Writeup for CVE-2023-39143: PaperCut WebDAV Vulnerability

Blog, Disclosures, Red Team
Introduction: Back in Aug. 2023 we released an advisory for CVE-2023-39143, a critical vulnerability that affects Windows installs of the PaperCut NG/MF print management software. Attackers can exploit this vulnerability […] The ...
#OBTS v5.0: "Lock Picking the macOS Keychain" - Cody Thomas

Abusing Slack for Offensive Operations: Part 2

Red Team, research
When I first started diving into offensive Slack access, one of the best public resources I found was a blog post by Cody Thomas from back in 2020 (which I highly recommend ...
Navigating the Sea, Exploiting DigitalOcean APIs

Cloud service providers are now fundamental elements of internet infrastructure, granting organizations and individuals the ability to scale and efficiently store, manage, and process data. DigitalOcean is one such provider, well-regarded for ...
Cisco IOS XE CVE-2023-20198: Deep Dive and POC

Blog, Red Team
Introduction: This post is a follow up to https://www.horizon3.ai/cisco-ios-xe-cve-2023-20198-theory-crafting/. Previously, we explored the patch for CVE-2023-20273 and CVE-2023-20198 affecting Cisco IOS XE and identified some likely vectors an attacker might […] The ...