Web applications evolved in the last century from simple scripts to single page applications. Such complex web applications are prone to different types of security vulnerabilities. One type of vulnerability, named as secondorder, occurs when an attack payload is first stored by the application on the web server and then later on used in a security-critical operation.
If you are following our blog, you must familiar with Unexpected Journey article series. In this article, I will share our latest real-life pentest experience as well as the technical details of our brand new
0day that helps us to execute operating system commands on Symantec Messaging Gateway. Read More
CRYPTOLOG is a log manager that collects, normalizes, and categorizes massive logs generated across your network and turn it into valuable information on an intuitive interface where advance search, analysis and correlation monitoring becomes easier and more efficient.
By time goes, I’ve found myself more focusing on SIEM product during penetration test. This is the fourth article of my article series called as “Unexpected Journey” which all of them focused on different SIEM products. In this article, I will share the details how I’ve got root access to the SolarWinds Log & Event Management product. Read More
This is the third part of our article series that intended to share my real-life penetration testing experience.In this article, I will share a whole process of how we managed to find a -0day- pre-auth RCE vulnerability on another SIEM product. Read More