Category: Exploits

Vulnerabilities in 3rd party JavaScript, appliances, libraries, and other dependencies make you vulnerable to attack. Create processes that check for updates daily and patch quickly. If the vendor is unable to keep their code updated, seek an alternative solution. #VendorRisks Featured image is a derivative work from the following images: https://www.pexels.com/photo/close-up-view-of-system-hacking-in-a-monitor-5380664/

How many of the vulnerabilities from your last penetration test report did you risk accept? Everything with a Medium severity or lower? This article is intended to help you reconsider that mindset. Be careful about disregarding penetration testing findings just because they are not High or Critical severities by themselves. Companies are breached every day […]

What if one could do more than just bypass a sandbox (easy), but actually exploit the sandbox to gain access to custom signatures, client lists, and other customers’ files? It may be easier than you think. Here’s details showing how we exploited some of the leading sandboxes in the industry. Proofpoint TAP – Background Nearly […]

Tanium has gained much popularity in the past few years. Those jumping on the Tanium train need to beware. If your company uses Tanium, your data is at high risk, IMO. Their “peer chain” model, and the lack of encryption of that data, are insecure and should not be trusted. This article is about Tanium: https://www.Tanium.com/products/ […]

This is an exploit to gain access to a corporate network through an employee’s unmanaged personal computer via a Citrix XenDesktop VDI. Intro I’m frustrated by the sales pitch for XenDesktop and am concerned for those who have bought into the misleading claim that it is “safe from hackers and protecting the corporate network from […]