This is the third part of our article series that intended to share my real-life penetration testing experience.In this article, I will share a whole process of how we managed to find a -0day- pre-auth RCE vulnerability on another SIEM product.
(more…)0day advisory authentication cve cyber django exploit hacking logpoint metasploit middleware product security vulnerability
-
Unexpected Journey #2 – Taking Down Entire Domain Using Vulnerabilities of a SIEM Product
As I said on my previous article, being a penetration tester makes us feel like a group of traveler. Today, I would like to share a details about yet another 0day vulnerability we’ve found during penetration test which later lead us to take down entire domain network.
(more…) -
Advisory | CVE-2017-6398 Trend Micro InterScan Messaging Security (Virtual Appliance) Remote Code Execution
In this article, we will show details and metasploit module for vulnerability that affects Trend Micro’s IMSVA solution.
(more…) -
Unexpected Journey into the AlienVault OSSIM/USM During Engagement
Being a penetration tester makes us feel like a group of traveler. Discovering the internal world of the institution during engagement gives us the opportunity to make unexpected journeys. In this article, I will share a details of how we got an access to the heart of the company.
(more…)