Security Practitioner



Showing 25–30 of 95 results

Cisco IOS XE CVE-2023-20198 and CVE-2023-20273: WebUI Internals, Patch Diffs, and Theory Crafting

Introduction There has been a lot of news around the recent Cisco IOS XE vulnerabilities CVE-2023-20198 and CVE-2023-2073. Information about this vulnerability was first published by Cisco on October 16th, 2023, and since then we have seen evidence of mass exploitation and implantation. In this post we share our technical insights so far into these vulnerabilities. Cisco IOS XE Architecture...
Read More

VMware Aria Operations for Logs CVE-2023-34051 Technical Deep Dive and IOCs

Introduction This report is a follow up to https://www.horizon3.ai/vmware-vrealize-log-insight-vmsa-2023-0001-technical-deep-dive/. Earlier this year we reported the technical details for VMSA-2023-0001 affecting VMware Aria Operations for Logs (formerly VMware vRealize Log Insight). In that report, we showed how an attacker could use three different CVEs to achieve remote code execution. During the course of that investigation, we noticed the fix provided by...
Read More

Tech Talk: Journey to OSCP

Horizon3.ai Senior Engineer Noah King discusses the journey of obtaining an Offensive Security Certified Professional (OSCP) certification. Whether you're a cybersecurity enthusiast or a beginner looking to explore the field, you'll learn tips and tricks to help you navigate the certification process, including: - How to get started in Offensive Security with little or no prior experience. - An understanding...
Read More

Apache Superset Part II: RCE, Credential Harvesting and More

Apache Superset is a popular open source data exploration and visualization tool. In a previous post, we disclosed a vulnerability, CVE-2023-27524, affecting thousands of Superset servers on the Internet, that enables unauthorized attackers to gain admin access to these servers. We also alluded to methods that an attacker, logged in as an admin, could use to harvest credentials and execute...
Read More

How can NodeZero help you?

Let our experts walk you through a demonstration of NodeZero, so you can see how to put it to work for your company.