Skeletons in the Closet: Legacy Software, Novel Exploits

Vulnerability Research
The Praetorian team recently discovered a new vulnerability in Ivanti Endpoint Manager (EPM), which serves as a reminder to be aware of legacy systems: patch regularly and test often.

Identifying SQL Injections in a GraphQL API

Vulnerability Research
Overview: Many vulnerabilities in modern web applications occur due to the improper handling of user-supplied input. Command injection, cross-site scripting, XML External Entity (XXE) injections, and SQL injections all emerge from the downstream effects of unsanitized user input. SQL injection has held a high-ranking spot on the OWASP top 10 ...

3CX Phone System Local Privilege Escalation Vulnerability

Overview: In an effort to safeguard our customers, we perform proactive vulnerability research with the goal of identifying zero-day vulnerabilities that are likely to impact the security of leading organizations. Recently, we decided to take a look at the 3CX Phone Management System with the goal of identifying an unauthenticated ...

Embracing the Future: The Power of a Global Workforce in Cybersecurity

People
In an era of rapid technological advancement and an ever-evolving threat landscape, the traditional work and talent management paradigms are being redefined. The world has never been more connected, while data, information, and wealth derived from both data and information have never been more compromised. At Praetorian, we recognize that ...

Exploiting Lambda Functions for Fun and Profit

Overview: Praetorian recently performed an assessment of a platform responsible for downloading and building untrusted, user-supplied code. The client was concerned about the possibility of attackers leveraging this process to compromise the client’s AWS environment or gain access to sensitive data belonging to other users. Their solution to sandboxing untrusted ...

Account Takeover via Broken Authentication Workflow: Free Lifetime Streaming!

Overview: Nowadays, the convenience of streaming applications on our mobile and web applications has become an integral part of our entertainment experience. However, this experience can come at a cost if we overlook the security of these applications. In this blog post, we will delve deeper into a critical account ...