Blog

Critical CVEs and Active Threats: CoreBos, Adobe Coldfusion, Kibana Server and More…

November 29, 2023November 28, 2024

This week from November 20 to November 24, Firecompass research identified a huge number of CVEs that are high in severity and ransomware, botnets, and threat actors creating havoc. Some of the CVEs identified are of popular commercial products used by variants of industries and somenew & well known malwares targeting industries for this week.… Read More »Critical CVEs and Active Threats: CoreBos, Adobe Coldfusion, Kibana Server and More…

Attack & Defend LLMNR: A Widespread Shadow Network Discovery Protocol

November 24, 2023November 28, 2024

Link-Local Multicast Name Resolution (LLMNR), a seemingly important protocol in Windows environments, can be a silent accomplice for cyber adversaries seeking to exploit network vulnerabilities. Let us understand the technical intricacies of LLMNR and unravel how it can be exploited for reconnaissance purposes, examining each step from a Red Teamer’s perspective. Understanding LLMNR LLMNR is… Read More »Attack & Defend LLMNR: A Widespread Shadow Network Discovery Protocol

Unveiling SSL/TLS Vulnerabilities: A Red Teamer’s Guide To Exploiting Weaknesses With SSLScan And TestSSL

November 23, 2023November 28, 2024

SSL (Secure Sockets Layer) and its successor TLS (Transport Layer Security) are cryptographic protocols that ensure secure communication over the internet. They provide data encryption, authentication, and integrity verification to protect sensitive information transmitted between a user’s web browser and a website, or between servers. This security is crucial for online transactions, sensitive data exchange,… Read More »Unveiling SSL/TLS Vulnerabilities: A Red Teamer’s Guide To Exploiting Weaknesses With SSLScan And TestSSL

NoSQL, means “not only SQL,” refers to a broad category of database technologies that are intended to manage huge volumes of unstructured and semi-structured data.

Detecting NoSQL Injection

November 22, 2023November 28, 2024

SQL Injection is an evergreen vulnerability being discovered on a regular basis in enterprise products and open source libraries as shown by the below chart. Apart from SQL Injection, there are multiple types of injection vulnerabilities such as Command Injection, Nosql injection, OS injection, HTML injection etc. Over the past 10 years, NoSQL databases have… Read More »Detecting NoSQL Injection

Critical CVEs And Active Threats This Week (November 13th – 17th)

November 20, 2023November 28, 2024

This week from November 13 to November 17, Firecompass research identified a huge number of CVEs that are high in severity and ransomware, botnets, and threat actors creating havoc. Some of the CVEs identified are of popular commercial products used by variants of industries and somenew & well known malwares targeting industries for this week.… Read More »Critical CVEs And Active Threats This Week (November 13th – 17th)

Blog

Critical CVEs and Active Threats: CoreBos, Adobe Coldfusion, Kibana Server and More…

Attack & Defend LLMNR: A Widespread Shadow Network Discovery Protocol

Unveiling SSL/TLS Vulnerabilities: A Red Teamer’s Guide To Exploiting Weaknesses With SSLScan And TestSSL

Detecting NoSQL Injection

Critical CVEs And Active Threats This Week (November 13th – 17th)

Use Cases

Technology

About

Partner

Resources