by Zach Hanley | Oct 4, 2021 | Attack Blogs
Overview: A common attack path that Horizon3 has identified across many of its customers is abusing access to the VMware vCenter Identity Provider (IdP) certificate. Security Assertion Markup Language (SAML) has proved to be a hotbed of vulnerabilities within the last...
by Zach Hanley | Sep 16, 2021 | Attack Blogs
Overview: On September 14, multiple vulnerabilities were discovered by researchers at Wiz.io. The most critical of them is CVE-2021-38647, now dubbed OMIGOD, which affects the Open Management Infrastructure (OMI) agent in versions 1.6.8.0 and below. Azure customers...
by Zach Hanley | Sep 13, 2021 | Attack Blogs
On August 25, 2021, Atlassian released a security advisory for CVE-2021-26084, an OGNL injection vulnerability found within a component of Confluence Server and Data Center. This critical vulnerability allows an unauthenticated attacker to execute arbitrary commands...
by Zach Hanley | Sep 4, 2021 | Attack Blogs
In August, Orange Tsai released details of his security research into Microsoft Exchange and also presented it at BlackHat and DEFCON. His latest blog post details a series of vulnerabilities dubbed ProxyShell. ProxyShell is a chain of three vulnerabilities:...
by Zach Hanley | Feb 24, 2021 | Attack Blogs
Proof of Concept Exploit for vCenter CVE-2021-21972. Link to GitHub Repo: CVE-2021-21972. Tested only on Unix VCSA targets. Write the file supplied in the --file argument to the location specified in the --path argument. The file will be written in the context...