Security Practitioner



Showing 79–84 of 95 results

Using NodeZero to Find and Fix Log4Shell

Log4Shell is a "once-in-a-decade" type of vulnerability that will linger in environments for years to come. For a vulnerability with such a broad, lasting impact, it's important to establish a principled and disciplined approach for discovering and remediating it. NodeZero both detects and exploits Log4Shell, surfacing a wealth of information that can be used to understand its real impact and...
Read More

The Purple Pivot

This Red vs. Blue approach to cybersecurity is unsustainable, and often does more harm than good. The goal should be Red AND Blue, working together.
Read More

Multiple Vulnerabilities in ResourceSpace

During our assessment of the ResourceSpace code base, we found three new vulnerabilities that could be exploited by an unauthenticated attacker. The most critical is CVE-2021-41765, a pre-auth SQL injection that an attacker can abuse to gain remote code execution (RCE) privileges on the ResourceSpace server.
Read More

Apache CVE-2021-41773, CVE-2021-42013

We wanted to do something a little bit different with this post. Our vulnerability disclosures, exploit proof-of-concepts, and attack analysis blog posts have been awesome, but they have been catering to an offensive security audience.
Read More

How can NodeZero help you?

Let our experts walk you through a demonstration of NodeZero, so you can see how to put it to work for your company.