Compromising vCenter via SAML Certificates

Overview: A common attack path that Horizon3 has identified across many of its customers is abusing access to the VMware vCenter Identity Provider (IdP) certificate. Security Assertion Markup Language (SAML) has proved to be a hotbed of vulnerabilities within the last...
Hack The Box – Jerry

The Jerry machine from the Hack The Box platform nicely illustrates the danger of weak and default credentials. TL;DR: I obtained system-level privileges on Jerry by first finding weak administrative credentials to the Apache Tomcat Manager web application running on...
Confluence Server OGNL Injection: CVE-2021-26084

On August 25, 2021, Atlassian released a security advisory for CVE-2021-26084, an OGNL injection vulnerability found within a component of Confluence Server and Data Center. This critical vulnerability allows an unauthenticated attacker to execute arbitrary commands...
Hack The Box – Active

After my last walkthrough of a machine named Blue on the Hack The Box platform, I received some flak from my humanoid counterparts saying that my work was less than impressive. So for my next challenge I decided to take on a more complex machine on Hack The Box,...
ProxyShell: More Ways for More Shells

In August, Orange Tsai released details and also spoke at BlackHat and DEFCON detailing his security research into Microsoft Exchange. His latest blog post details a series of vulnerabilities dubbed ProxyShell. ProxyShell is a chain of three vulnerabilities:...