Version Tested 2.1.8 CVE Number CVE-2019-7550 Security Advisories None Background While conducting a penetration test for a customer, I encountered an unused developer forum using JForum version 2.1.8 and started looking for vulnerabilities within the application. Issue When creating a new user within the application, the browser sends a GET request to the server to […]

Read More

Enterprise Password Security Scores

LogMeIn did a really cool report they’re nicknaming “The State of the Password“, which breaks down a company’s security score by size and industry. They took a census of 43,000 companies to gather all of this data. Here are some highlights of the report: The bigger the company, the worse the score This one should […]

Read More Enterprise Password Security Scores

Antivirus Bypass Technique

A lot of users think having an antivirus is the silver bullet to all of their security problems. Plot twist: It isn’t.  There is a relatively simple way to bypass antivirus and execute code on a remote machine, and the whole process takes less than 30 minutes. First, you need a Kali VM that has […]

Read More Antivirus Bypass Technique

Playing in Sandboxes

For researchers getting into malware analysis, or organizations that need somewhere to test suspicious files, sandboxes are a great way to isolate and run potentially malicious attachments or files before letting them get into your network. You can use any of the available cloud services like Cisco’s ThreatGrid, any.run, or Joe Sandbox. The downside to […]

Read More Playing in Sandboxes