Cyber Newsroom Feed
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
huntress.com
Validating the SolarWinds N-central “Dumpster Diver” Vulnerability
Update 1/26/2020: MITRE assigned CVE-2020–7984 for this vulnerability.Update 12:55pm 1/24/2020: SolarWinds has released two hotfixes for the vulnerabilities! You can find these fixes on their support ... Read more
-
huntress.com
Validating the Bishop Fox Findings in ConnectWise Control | Huntress
In computer security, responsible disclosure is a vulnerability disclosure model in which an issue is publicly disclosed only after a period of time that allows for the affected party to patch/resolve ... Read more
-
huntress.com
Keeping up with BlueKeep
Remote Desktop Services (RDS) benefit employees and IT administrators alike. With employees often working from anywhere, remote desktop reduces the physical burden of carrying a work laptop home 🏠. It ... Read more
-
Comae Technologies
How to Solve the Blindspots of Event-Driven Detection
A while back, I discussed how memory could be used as an ultimate form of the log as long as the analysis workflow and process is smooth.This blog post will start by explaining the blind spots created ... Read more
-
carnal0wnage.com
Jenkins - CVE-2018-1000600 PoC
second exploit from the blog post https://blog.orange.tw/2019/01/hacking-jenkins-part-1-play-with-dynamic-routing.html Chained with CVE-2018-1000600 to a Pre-auth Fully-responded SSRF https://jenkins. ... Read more
-
carnal0wnage.com
Jenkins - messing with exploits pt3 - CVE-2019-1003000
References: https://www.exploit-db.com/exploits/46453 http://blog.orange.tw/2019/02/abusing-meta-programming-for-unauthenticated-rce.html This post covers the Orange Tsai Jenkins pre-auth exploit Vuln ... Read more
-
carnal0wnage.com
Jenkins - SECURITY-180/CVE-2015-1814 PoC
Forced API token change SECURITY-180/CVE-2015-1814 Affected Versions All Jenkins releases <= 1.605 All LTS releases <= 1.596.1 PoC Tested against Jenkins 1.605 POST /user/user2/descriptorByName/jenkin ... Read more
-
carnal0wnage.com
Jenkins - SECURITY-200 / CVE-2015-5323 PoC
API tokens of other users available to admins SECURITY-200 / CVE-2015-5323 API tokens of other users were exposed to admins by default. On instances that don’t implicitly grant RunScripts permission t ... Read more
-
carnal0wnage.com
Jenkins Master Post
A collection of posts on attacking Jenkins http://www.labofapenetrationtester.com/2014/08/script-execution-and-privilege-esc-jenkins.html Manipulating build steps to get RCE https://medium.com/@uraniu ... Read more
-
carnal0wnage.com
Jenkins - messing with exploits pt2 - CVE-2019-1003000
After the release of Orange Tsai's exploit for Jenkins. I've been doing some poking. PreAuth RCE against Jenkins is something everyone wants. While not totally related to the blog post and tweet the f ... Read more