Summary:
Cloud Composer, a managed service on Google Cloud Platform, allows users to manage workflows using Apache Airflow. This article discusses how an attacker can exploit default configurations and gain…
Author: Netspi
Short Summary:
Recent advancements in penetration testing for CICS and IMS applications have highlighted the need for enhanced security measures in mainframe environments. This article discusses seven common vulnerabilities found …
Short Summary:
The article discusses the evolution of Azure Automation Accounts, particularly the introduction of Runtime Environments, which allow for custom PowerShell modules and Python packages. It highlights the potential …
Short Summary:
This article discusses the benefits of having access to a testing LPAR at NetSPI, particularly during penetration testing engagements. It details how to retrieve information from in-memory tables …
Short Summary:
This article discusses SQL Server credential objects and their potential abuse by threat actors to execute code as different user accounts. It highlights how penetration testers and red …
Short Summary:
CVE-2024-37888 is a cross-site scripting (XSS) vulnerability found in the Open Link plugin for CKEditor 4, allowing attackers to execute arbitrary JavaScript in users’ browsers through manipulated links. …
Short Summary:
This article discusses the exploitation scenarios using GCPwn, a tool for penetration testing Google Cloud Platform (GCP). It details various steps involved in the attack path, including setting …
DEF CON 32 gathered thousands of hackers and security enthusiasts, providing opportunities for learning and networking. Attendees shared insights from various talks, emphasizing the importance of proactive security …
Short Summary:
Microsoft’s Azure Arc service, introduced in 2019, enables the integration of on-prem resources with Azure cloud. However, it poses security risks due to its authentication model, which …
Short Summary:
This article discusses the potential for privilege escalation in Google Cloud Platform (GCP) through the misuse of Google Groups with open join settings. It highlights how users …
GCPwn is a Python-based framework for pentesting GCP environments. While individual exploit scripts exist today for GCP attack vectors, GCPwn seeks to consolidate all these scripts and manage multiple sets …
The NetSPI Agents have encountered various chatbot services that utilize a large language model (LLM). LLMs are advanced AI systems developed by training on extensive text corpora, …
Prototype Pollution is a JavaScript vulnerability where it’s possible for an attacker to control unexpected variables in JavaScript, which on the client-side can lead …
During a recent red team operation, NetSPI discovered a local privilege escalation path in the default installation of Microsoft Service Fabric Runtime, a software commonly used for local application development. …
Summary: The interaction between web2 client-server architectures and web3 systems presents security challenges. Web3 systems often rely on classic centralized components, which can create unique attack surfaces. In this post, …
Summary: Azure Deployment Scripts with User-Assigned Managed Identities can be exploited by attackers to gain unauthorized access and escalate privileges. The Deployment Scripts service allows users to run code in …
Summary: The article discusses the Azure Batch service and highlights potential areas for misconfigurations and sensitive data exposure. It explains how the service functions as a middle ground between …
Summary: The article discusses the technique of HTML smuggling and introduces a new approach using Web Assembly (Wasm). It explains how Wasm allows code to be written in system …
Summary: TOTP (Time-Based One-Time Password) is a common two-factor authentication method that generates time-sensitive passcodes. However, it has become outdated and vulnerable to brute force attacks. In this article, the …
Summary: The blog post discusses the potential security risks associated with Azure Container Registry (ACR) and the abuse of Managed Identities to generate tokens. It introduces a tool called …
Summary: XPath Injection is a significant threat in web applications that allows attackers to exploit user input and gain unauthorized access to sensitive data. This blog explores the risks …
Summary: The article discusses the discovery of a vulnerability in Azure Function Apps that allowed for the extraction of managed identity credentials. The issue has since been addressed by …