Education
CVE-2023-23397 enables a threat actor to send a calendar invite whereby the properties of the msg file can include a path for the reminder sound file. This is achieved by setting:
Read more “The Long Game: Persistent Hash Theft”
Defence
Spotted on twitter (thanks Danny!):
CISA updates the known exploited vulnerabilities list (KEV) yesterday with another 38 updates!
That means an update is required for OFFESNIVE KEV!
Read more “Offensive KEV Updates! CISA releases 38 more CVEs to KEV”
Education
There’s thousand of vulnerabilities, but do you ever struggle work out what ones might actually be useful to you if you are defending or attacking?
Well don’t worry I’ve started to document some things that might help you both attack and defend in CYBERSPACE!
Read more “PWNDEFND: Known Exploitable Vulnerabilities (KEV) – AKA: Offensive KEV”
Defense
There’s a new CVE in town but don’t think it’s the only problem you get when you expose administrative interfaces to the wild west of the internet (yeeha or something). Let’s go on a quick exploration of what the world looks like with the help of our friends at Shodan and then let’s see the ramblings of Dan when looking at how benign enumeration and exploration of services can work. Let’s get started looking at the world, a quick face analysis on Shodan with vmware as a product shows a hit or two, what we are going to focus on is vCenter but you know.. you might want to review your attack surfaces so any exposed services (damn people expose some risky stuff!) Read more “Exposed VMWARE vCenter Servers around the world (CVE-2021-22005)”