Using NodeZero to Find and Fix Log4Shell

Using NodeZero to Find and Fix Log4Shell

Since news of the Log4Shell vulnerability (CVE-2021-44228/CVE-2021-45046) broke last month, infosec teams have been scrambling to find instances of the vulnerability in their environments and remediate them. It’s been a challenge because of the breadth of impact: any...
Hack The Box – Mirai

Hack The Box – Mirai

The Mirai machine from the Hack The Box platform is named after the infamous Mirai malware from 2016 that infected hundreds and thousands of home routers and IoT devices by scanning for default credentials. TL;DR I obtained initial access to Mirai by scanning it for...
Credential Misconfigurations

Credential Misconfigurations

Are your credential policies implemented right? Are your enterprise accounts configured correctly? How do you know? Most phishing, ransomware, and credential attacks start by gaining access to a host and compromising a domain user (Credential Attacks – Horizon3.ai)....