RF Fortune Telling: Frequency Hopping Predictability
In the world of wireless communications, security vulnerabilities in implemented protocols canremain hidden behind layers of complexity. What appears secure due to the intricate nature ofRF communications may harbor fundamental weaknesses. Let’s ...
Skeletons in the Closet: Legacy Software, Novel Exploits
The Praetorian team recently discovered a new vulnerability in Ivanti Endpoint Manager (EPM) which serves as a reminder to be aware of legacy systems - patch regularly and test often. The post ...
Cutting Through the Noise: Chariot’s Zero False Positive Guarantee
For years, cybersecurity teams have fought a persistent battle: overwhelming noise generated by vulnerability tools. It’s a familiar scenario – overtaxed security teams drowning in alerts, many leading to false positives or ...
The CTEM Cookbook: Improving Your Vulnerability Program with Continuous Threat Exposure Management (CTEM)
Introduction “You want someone to check whether you’re vulnerable – all the bloody time.” We spend a lot of time talking with our customers. We loved this quote for how directly it ...
Identifying SQL Injections in a GraphQL API
Overview Many vulnerabilities in modern web applications occur due to the improper handling of user-supplied input. Command injection, cross-site scripting, XML External Entity (XXE) injections, and SQL injections all emerge from the ...
Introducing Goffloader: A Pure Go Implementation of an In-Memory COFFLoader and PE Loader
We are excited to announce the release of Goffloader, a pure Go implementation of an in-memory COFFLoader and PE loader. This tool is designed to facilitate the easy execution of Cobalt Strike ...
3CX Phone System Local Privilege Escalation Vulnerability
Overview In an effort to safeguard our customers, we perform proactive vulnerability research with the goal of identifying zero-day vulnerabilities that are likely to impact the security of leading organizations. Recently, we ...
Embracing the Future: The Power of a Global Workforce in Cybersecurity
In an era of rapid technological advancement and an ever-evolving threat landscape, the traditional work and talent management paradigms are being redefined. The world has never been more connected, while data, information, ...
Exploiting Lambda Functions for Fun and Profit
Overview Praetorian recently performed an assessment of a platform responsible for downloading and building untrusted, user-supplied code. The client was concerned about the possibility of attackers leveraging this process to compromise the ...
Account Takeover via Broken Authentication Workflow: Free Lifetime Streaming!
Overview Nowadays, the convenience of streaming applications on our mobile and web applications has become an integral part of our entertainment experience. However, this experience can come at a cost if we ...