Blogs

Later, he saw a REAL wolf prowling about his flock. Alarmed, he leaped to his feet and sang out as loudly as he could, “Wolf!

Background:

Background: 

This year’s 

Introduction

Background
While conducting a penetration test for a customer, I encountered an unused developer forum using JForum version 2.1.8 and started looking for vulnerabilities within the application.

Version Tested: 2.1.8

CVE Number: CVE-2019-7550

Background

In my previous life, I spent a lot of time analyzing malware and figuring out how it worked in order to defend against it. One trend that has increased across the industry is the use of fileless malware and specifically mshta.exe as a method of infection. Now that I’m on offense, I wanted to take some time to flesh out how it could be used in red teaming and adversarial simulation.

From Jonathan Swift’s 

2018 was another year of change in the cybersecurity industry. We’ve had some interesting conversations with customers, partners, providers, and analysts over the past twelve months, and we’re excited about where the industry is headed – at least from our vantage point.

We are all seeing the 2019 prediction stories, and many of the broader trends focus on endpoint security and the impact of staff shortages, to name a few.  

Just over a month ago, Marriott International, one of the world’s largest hotel chains, announced that there was unauthorized access to the database, which contained guest information relating to reservations at Starwood properties on or before September 10, 2018. Among the hotels under the Starwood brand are the W Hotels, St. Regis, Sheraton, Westin, and Design Hotels and Resorts, as well as all Starwood-branded timeshare properties.