-
Using Kafka as a Fast Correlation Engine
In this article, we explore how Kafka Streams can be utilized for filtering and correlating events in real time, effectively transforming Kafka into a high-speed correlation engine. By leveraging the capabilities of ksqlDB, you can deploy content rules and filter alerts directly within Kafka. This approach enables real-time filtration and aggregation of log event flows using…
-
We discovered several vulnerabilities in the Milesight UG67 Outdoor LoRaWAN Gateway. The device had an unprotected USB console allowing access to the root file-system for analysis, an undocumented default password usable for remote SSH login, a command execution circumventing the restricted shell and a local privilege escalation using ubus as well as a local privilege escalation using world-writeable webroot. The issues can be combined to allow privileged access from a remote connection.
We discovered several vulnerabilities in the Milesight UG67 Outdoor LoRaWAN Gateway. The device had an unprotected USB console allowing access to the root file-system for analysis, an undocumented default password usable for remote SSH login, a command execution circumventing the restricted shell and a local privilege escalation using ubus as well as a local privilege…
-
New advisory released: Skyhigh Security Secure Web Gateway: Information Disclosure Due to Same Origin Policy Bypass on Block Page.
New advisory released: Skyhigh Security Secure Web Gateway: Information Disclosure Due to Same Origin Policy Bypass on Block Page. Go to Source
-
Our new blog post describes the exploitation of a remote code execution vulnerabiltiy in the open-source learning platform Moodle. A short summary of the vulnerability discovered by us can be found in the corresponding advisory Moodle: Remote Code Execution via Calculated Questions.
Our new blog post describes the exploitation of a remote code execution vulnerabiltiy in the open-source learning platform Moodle. A short summary of the vulnerability discovered by us can be found in the corresponding advisory Moodle: Remote Code Execution via Calculated Questions. Go to Source
-
We discovered several vulnerabilities in the Single Sign On components of WatchGuard: the protocol used is insecure and can be redirected, an interface based on the Telnet protocol contains a backdoor and the SSO Agent can be crashed by sending unexpected data.
We discovered several vulnerabilities in the Single Sign On components of WatchGuard: the protocol used is insecure and can be redirected, an interface based on the Telnet protocol contains a backdoor and the SSO Agent can be crashed by sending unexpected data. Go to Source
-
New advisory released: Aptos Wisal Payroll Accounting Uses Hardcoded Database Credentials.
New advisory released: Aptos Wisal Payroll Accounting Uses Hardcoded Database Credentials. Go to Source
-
On 17 June 2024, Alexander Neumann will give a lecture at the Hasso Plattner Institut in Potsdam titled “Behind the Screens: Insights and Stories of Real-World Penetration Testing“. The slides are available for download under Talks.
On 17 June 2024, Alexander Neumann will give a lecture at the Hasso Plattner Institut in Potsdam titled “Behind the Screens: Insights and Stories of Real-World Penetration Testing“. The slides are available for download under Talks. Go to Source
-
On 10 July 2024, Alexander Neumann will give the lecture “Behind the Screens: Insights and Stories of Real-World Penetration Testing“ in German at the IT Center of RWTH Aachen University. The lecture is public and takes place at 16:30 o’clock at the ITC lecture hall at Seffenter Weg 23.
On 10 July 2024, Alexander Neumann will give the lecture “Behind the Screens: Insights and Stories of Real-World Penetration Testing“ in German at the IT Center of RWTH Aachen University. The lecture is public and takes place at 16:30 o’clock at the ITC lecture hall at Seffenter Weg 23. Go to Source
-
Alexander Neumann held the talk „Der Bitwarden-Biometrie-Unfall – Wenn ein Pentest nebenher einen kritischen Fehler im Passwort-Manager aufdeckt” at the event “Studierende treffen Alumni und Unternehmensexpert:innen” at the FH Aachen University of Applied Sciences. The German language slides are available for download under Publications.
Alexander Neumann held the talk „Der Bitwarden-Biometrie-Unfall – Wenn ein Pentest nebenher einen kritischen Fehler im Passwort-Manager aufdeckt” at the event “Studierende treffen Alumni und Unternehmensexpert:innen” at the FH Aachen University of Applied Sciences. The German language slides are available for download under Publications. Go to Source
-
RedTeam Pentesting has a new member: Tobias Ferring reinforces the team as a new penetration tester.
RedTeam Pentesting has a new member: Tobias Ferring reinforces the team as a new penetration tester. Go to Source