Security Blog | Praetorian

RF Fortune Telling: Frequency Hopping Predictability

Vulnerability Research
In the world of wireless communications, security vulnerabilities in implemented protocols can remain hidden behind layers of complexity. What appears secure due to the intricate nature of RF communications may harbor fundamental weaknesses. Let’s ...

Skeletons in the Closet: Legacy Software, Novel Exploits

Vulnerability Research
The Praetorian team recently discovered a new vulnerability in Ivanti Endpoint Manager (EPM) which serves as a reminder to be aware of legacy systems - patch regularly and test often. The post ...

Cutting Through the Noise: Chariot’s Zero False Positive Guarantee

Chariot
For years, cybersecurity teams have fought a persistent battle: overwhelming noise generated by vulnerability tools. It’s a familiar scenario – overtaxed security teams drowning in alerts, many leading to false positives or ...

The CTEM Cookbook: Improving Your Vulnerability Program with Continuous Threat Exposure Management (CTEM)

CTEM
Introduction “You want someone to check whether you’re vulnerable – all the bloody time.” We spend a lot of time talking with our customers. We loved this quote for how directly it ...

Identifying SQL Injections in a GraphQL API

Vulnerability Research
Overview Many vulnerabilities in modern web applications occur due to the improper handling of user-supplied input. Command injection, cross-site scripting, XML External Entity (XXE) injections, and SQL injections all emerge from the ...

Introducing Goffloader: A Pure Go Implementation of an In-Memory COFFLoader and PE Loader

We are excited to announce the release of Goffloader, a pure Go implementation of an in-memory COFFLoader and PE loader. This tool is designed to facilitate the easy execution of Cobalt Strike ...

3CX Phone System Local Privilege Escalation Vulnerability

Overview In an effort to safeguard our customers, we perform proactive vulnerability research with the goal of identifying zero-day vulnerabilities that are likely to impact the security of leading organizations. Recently, we ...

Embracing the Future: The Power of a Global Workforce in Cybersecurity

People
In an era of rapid technological advancement and an ever-evolving threat landscape, the traditional work and talent management paradigms are being redefined. The world has never been more connected, while data, information, ...

Exploiting Lambda Functions for Fun and Profit

Overview Praetorian recently performed an assessment of a platform responsible for downloading and building untrusted, user-supplied code. The client was concerned about the possibility of attackers leveraging this process to compromise the ...

Account Takeover via Broken Authentication Workflow: Free Lifetime Streaming!

Overview Nowadays, the convenience of streaming applications on our mobile and web applications has become an integral part of our entertainment experience. However, this experience can come at a cost if we ...