Thomas Tan

Security Blog | Praetorian

Overview CVE-2019-1166 (“Drop the MIC”) is a tampering vulnerability in Microsoft Windows, specifically targeting the NTLM (NT LAN Manager) authentication protocol. The vulnerability allows a man-in-the-middle attacker to bypass the NTLM Message Integrity Check (MIC) protection. By doing so, the attacker can tamper with the NTLM authentication process without invalidating ... Read More

On March 22nd, 2019, CapitalOne experienced a data breach that resulted in the loss of more than 100 million credit card applications. This vulnerability resulted from a misconfigured web application firewall, which caused a server-side request forgery vulnerability. This issue then allowed an attacker to gain access to an AWS ... Read More

Gaining a comprehensive understanding of the external assets in an environment is essential for accurately mapping the attack surface of our clients. If you don’t know something exists, you can’t attack or defend it. Identifying these adjacent assets with various capabilities is crucial for assisting IT departments looking to map ... Read More

Overview The implementation of GraphQL in enterprise systems has grown rapidly. A recent report from Gartner predicted that at least 50% of enterprises will be implementing GraphQL in their production environments by the end of the calendar year. With its increasing adoption, correctly accounting for the security of GraphQL APIs ... Read More

Introduction On a recent client engagement, we tested a startup’s up-and-coming SaaS data platform and discovered an alarming attack path. The specific feature names and technologies have been generalized to anonymize the platform. Like many data platforms, various source types could be configured to ingest data, such as third-party CRM ... Read More

Overview We have recently identified several vulnerable HTTP requests that allow attackers to capture access keys and session tokens for a web application’s AWS infrastructure. Attackers could use these keys and tokens to access back-end IOT endpoints and CloudWatch instances to execute commands. This blog was developed to raise awareness ... Read More

Overview Unconstrained delegation is a feature in Active Directory that allows a computer, service, or user to impersonate any other user and access resources on their behalf across the entire network, completely unrestricted. A typical example of a use case for unconstrained delegation is when certain services require access to ... Read More

In today’s dynamic world, where the boundaries of geography and time zones blur, fostering a cohesive company culture and unity becomes paramount. At Praetorian, we take immense pride in being a remote-first startup that spans across 11 countries, with the exciting addition of a 12th in just a few months ... Read More

On July 9th, 2020, an independent security firm discovered a trove of personal health information belonging to Pfizer patients on the public internet. The breach exposed unencrypted conversations between patients and providers of four different Pfizer products, including full names, home addresses, email addresses, phone numbers, and medical status details ... Read More

As digital landscapes continue to evolve daily, organizations are increasingly aware and focused on their attack surfaces to identify and mitigate potential risks. However, a troubling trend has emerged: companies are often compelled to pay bug hunters for exploiting vulnerabilities based on surface-level discoveries. At Praetorian, we challenge this norm ... Read More