Compromising vCenter via SAML Certificates

Overview: A common attack path that Horizon3 has identified across many of its customers is abusing access to the VMware vCenter Identity Provider (IdP) certificate. Security Assertion Markup Language (SAML) has proved to be a hotbed of vulnerabilities within the last...
Confluence Server OGNL Injection: CVE-2021-26084

On August 25, 2021, Atlassian released a security advisory for CVE-2021-26084, an OGNL injection vulnerability found within a component of Confluence Server and Data Center. This critical vulnerability allows an unauthenticated attacker to execute arbitrary commands...
ProxyShell: More Ways for More Shells

In August, Orange Tsai released details of his security research into Microsoft Exchange and also presented it at BlackHat and DEFCON. His latest blog post details a series of vulnerabilities dubbed ProxyShell. ProxyShell is a chain of three vulnerabilities:...
POC CVE-2021-21972

Proof of Concept Exploit for vCenter CVE-2021-21972. Link to GitHub repo: CVE-2021-21972. Tested only on Unix VCSA targets. Write the file supplied in the --file argument to the location specified in the --path argument. The file will be written in the context...