Skip to main content

One ring to rule them all – Same RCE on multiple Trend Micro products

Framework’s security has been a known topic for security folks. In fact, we already seen a real impact of single vulnerability within a framework on Apache Struts case. If we consider this risk from the point of products vendor, we could see very similar case. In this article, I will show you how we get RCE on different Trend Micro products because of same codebase used by across the different products. Read More

Advisory | DenyAll Web Application Firewall Unauthenticated Remote Code Execution (CVE-2017-14706)

DenyAll Web Application Firewall is the foundation for next generation application security products. It combines ease of configuration – with its workflow engine and management APIs – with a proven ability to secure web applications. It embeds negative and positive security, in-context, user behavior analysis, and soon-to-be added rWeb advanced security engines, to efficiently protect your web applications while minimizing false positives. Read More

Explore Hidden Networks With Double Pivoting

An n-layered security architecture is created to protect important services required by the concept of Defense-in-Depth, which has an important place in the world of information technology.  If we think about this for the corporate networks; critical systems  can not be in the same network with other systems. In this article, we will analyze with examples how the attackers can access the hidden networks that have no accessibility in the first stage, by using pivoting methods. Read More