Unauthenticated RCE in Centos Web Panel 7 (CWP) - CVE-2022-44877
Jan 26, 2023
Recent Posts
By Mohammad Hussam Alzeyyat
Jan 26, 2023
Unauthenticated RCE in Centos Web Panel 7 (CWP) - CVE-2022-44877
In this blog, we break down the Centos Web Panel RCE, dive deep into the dynamic and static analysis, and also try to simulate the backend code.
By Shahar Reichman
Jan 17, 2023
New Reboot & Message Box Popups
New restart popup window and custom message for your end user.
By Mohammad Hussam Alzeyyat
Jan 12, 2023
JWT Arbitrary Command Execution - CVE-2022-23529
I'm trying to analyze JsonWebToken CVE-2022-23529 and see if there is a possibility, or how I may proceed, to find a way to achieve full RCE; however, after the analysis, I'm not sure if this is possible.
By Paul Lighter
Jan 11, 2023
When the Target is Also the Threat
A software failure grounded thousands of flights today, raising a complicated question - how do you secure an unstable system? The answer has never been more urgent.
By Paul Lighter
Jan 06, 2023
The Uncomfortable Implications of the LastPass Attack
The recent attack on LastPass has people questioning if they can trust password managers. But there's a bigger issue lurking underneath - can you trust ANY security vendor?
By Mohammad Hussam Alzeyyat
Dec 31, 2022
Unique Exploit - Persistence through CVE-2022-30507
We present a unique exploit for the Notable app vulnerability CVE-2022-30507, which we use mainly for persistence and social engineering.
By Sagar Tiwari
Dec 30, 2022
Attacks on WebSockets
In a connected world, the instant transfer of information is a must. WebSocket is a protocol that comes in handy where speed and reliability are vital.
By Paul Lighter
Dec 28, 2022
ChatGPT Storms Onto the Cybersecurity Scene
The AI writer everyone's talking about could transform cybersecurity as with so much else. Here are three possible outcomes: good, bad, and ugly.
By Khurram Arif
Dec 24, 2022
WSO2 RCE (CVE-2022-29464)
Vulnerability CVE-2022-29464 is being exploited in the wild to achieve arbitrary remote code execution (RCE) through unrestricted file uploads.
By Khurram Arif
Dec 23, 2022
CVE-2022-22965 Spring4Shell
A Spring MVC or Spring WebFlux application running on JDK 9+ is susceptible to remote code execution (RCE).
By Jenny R
Dec 14, 2022
Why do you need both IDS and IPS, or maybe the NGFW too?
I would like to strengthen the defense of the web application by talking about Intrusion Detection and Prevention Systems (IDS and IPS) as the third member of this security defense trio: WAF, RASP, and IDPS.
By acephale 4w
Dec 13, 2022
Cyber Kill Chain
Cyber Kill Chain - what is it, and why do we need it?
By Paul Lighter
Dec 12, 2022
Zero Trust Guidance Rewrites US Cyber Strategy
With new guidance from the Department of Defense, the U.S. has made an unprecedented commitment to zero trust cybersecurity. But is this a sound strategy or a looming disaster?
An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s
By Jenny R
Dec 06, 2022
Runtime Application Self-Protection
To protect the application, besides adding a Web Application Firewall as a first-line defense, we can also add Runtime Application Self-Protection (RASP). In this article, we will talk about this emerging technology!