PEN Consultants Logo
Don’t Be a Victim: Find your weaknesses before the criminals do. PEN Consultants can help!

Category: Exploits

2024-03-23

3rd Party Vulnerabilities

Vulnerabilities in 3rd party JavaScript, appliances, libraries, and other dependencies make you vulnerable to attack. Create processes that check for updates daily and patch quickly. If the vendor is unable to keep their code updated, seek an alternative solution. #VendorRisks Featured image is a derivative work from the following images: https://www.pexels.com/photo/close-up-view-of-system-hacking-in-a-monitor-5380664/

2023-04-28

Breaching a Network With Risk-Accepted Vulnerabilities

How many of the vulnerabilities from your last penetration test report did you risk accept? Everything with a Medium severity or lower? This article is intended to help you reconsider that mindset. Be careful about disregarding penetration testing findings just because they are not High or Critical severities by themselves. Companies are breached every day […]

2018-01-01

Exploiting Sandboxes

What if one could do more than just bypass a sandbox (easy), but actually exploit the sandbox to gain access to custom signatures, client lists, and other customers’ files? It may be easier than you think. Here’s details showing how we exploited some of the leading sandboxes in the industry. Proofpoint TAP – Background Nearly […]

2017-09-29

Exposing Tanium: A Hacker’s Paradise

Tanium has gained much popularity in the past few years. Those jumping on the Tanium train need to beware. If your company uses Tanium, your data is at high risk, IMO. Their “peer chain” model, and the lack of encryption of that data, are insecure and should not be trusted. This article is about Tanium: https://www.Tanium.com/products/ […]

2016-06-29

Citrix XenDesktop Exploit

This is an exploit to gain access to a corporate network through an employee’s unmanaged personal computer via a Citrix XenDesktop VDI. Intro I’m frustrated by the sales pitch for XenDesktop and am concerned for those who have bought into the misleading claim that it is “safe from hackers and protecting the corporate network from […]

magnifiercrosschevron-down