Research Blog

Welcome to our cybersecurity research blog where we uncover how malicious actors exploit weaknesses in systems, while going beyond the technical aspects and examining real-world perspectives across various industries.

Here you’ll find extensive research and insight from the well-known Horizon3.ai attack team, intuitive perspectives on everything security, and real-world attack path short stories that come directly from discoveries made by NodeZero.



Showing 127–132 of 142 results

Apache CVE-2021-41773, CVE-2021-42013

We wanted to do something a little bit different with this post. Our vulnerability disclosures, exploit proof-of-concepts, and attack analysis blog posts have been awesome, but they have been catering to an offensive security audience.
Read More

Compromising vCenter via SAML Certificates

Overview A common attack path that Horizon3 has identified across many of its customers is abusing access to the VMware vCenter Identity Provider (IdP) certificate. Security Assertion Markup Language (SAML) has proved to be a hotbed of vulnerabilities within the last year, as well as a target of many cybercrime syndicates and APTs. In the SolarWinds attack, the attackers also...
Read More

OMIGOD – RCE Vulnerability in Multiple Azure Linux Deployments

Overview On September 14, multiple vulnerabilities were discovered by researchers at Wiz.io. The most critical of them being CVE-2021-38647, now dubbed OMIGOD, which effects the Open Management Infrastructure (OMI) agent in versions and below. Azure customers effected by this vulnerability are still vulnerable and must take manual action to ensure the OMI agent is updated. For Debian systems (e.g., Ubuntu):...
Read More

Confluence Server OGNL Injection: CVE-2021-26084

On August 25, 2021, Atlassian released a security advisory for CVE-2021-26084, an OGNL injection vulnerability found within a component of Confluence Server and Data Center. This critical vulnerability allows an unauthenticated attacker to execute arbitrary commands on the server. A few days later, on August 31, security researchers @iamnoob and @rootxharsh quickly developed a working proof of concept given the vulnerability details and by reverse engineering....
Read More

ProxyShell: More Ways for More Shells

In August, Orange Tsai released details and also spoke at BlackHat and DEFCON detailing his security research into Microsoft Exchange. His latest blog post details a series of vulnerabilities dubbed ProxyShell. ProxyShell is a chain of three vulnerabilities: CVE-2021-34473 – Pre-auth Path Confusion leads to ACL Bypass CVE-2021-34523 – Elevation of Privilege on Exchange PowerShell Backend CVE-2021-31207 – Post-auth Arbitrary-File-Write leads to RCE The research detailed a...
Read More