Home → Aon’s Cyber Labs
From:
toContent Type
Content Type
Connect to dialup modems over VoIP using SIP, no modem hardware required
A framework to extract and parse Cobalt Strike Beacon configurations
A behind the scenes look at an Executive Vulnerability Assessment
A collection of useful tips, tricks, and techniques for discovering IDORs
How an Advanced Threat Group Leveraged Microsoft Azure to Gain Persistent Access to Emails
A detailed walkthrough of the process hollowing injection technique.
A review of the latest changes to the malware evasion technique by the Ragnar Locker ransomware actors.
A deep dive into Solidity's new built-in model checker
Walkthrough of a recent red team operation involving OGNL injection and WAF bypass
Observations, common pitfalls, and recommendations when responding to NetScaler incidents.
Oracle WebLogic Unauthenticated Remote Code Execution via malicious JNDI lookup
SA-CORE-2019-010: Drupal 8 file upload vulnerability leads to potential RCE
Remote Code Execution, Local Privilege Escalation, and XSS in FreePBX
CVE-2019-15959: Local Vulnerability in Cisco SPA500 Series Firmware 7.6.2SR5
Introducing a new plugin for Burp Suite that allows for team collaboration
CVE-2019-12143 – 12146: RCE and Information Disclosure in WS_FTP Server 8.6.0
Aon's Cyber Solutions recently discovered a vulnerability in The New York Times' Virtual Agent
An overview of Hyper-V’s guest/host communications and attack surface
CVE-2019-1923: Local Vulnerabilities in Cisco SPA500 Series Firmware 7.6.2SR5
CVE-2019-11408, CVE-2019-11409: Malicious caller ID to RCE in FusionPBX
CVE-2019-12153, CVE-2019-12154: SSRF/XXE in RealObjects PDFreactor 10
CVE-2019-10068: RCE as Administrator via deserialization vulnerability in Kentico CMS 12.0.14
CVE-2019-6714: RCE via path traversal in BlogEngine.NET 3.3.6.0
CVE-2018-19365: Root local file inclusion in Wowza SRM 4.7.4.01
174
