Vulnerability Research
RF Fortune Telling: Frequency Hopping Predictability
In the world of wireless communications, security vulnerabilities in implemented protocols canremain hidden behind layers of complexity. What appears secure due to the intricate nature ofRF communications may harbor fundamental weaknesses. Let’s ...
Skeletons in the Closet: Legacy Software, Novel Exploits
The Praetorian team recently discovered a new vulnerability in Ivanti Endpoint Manager (EPM) which serves as a reminder to be aware of legacy systems - patch regularly and test often. The post ...
Patch Tuesday Update – November 2024
The post Patch Tuesday Update - November 2024 appeared first on Digital Defense ...
Identifying SQL Injections in a GraphQL API
Overview Many vulnerabilities in modern web applications occur due to the improper handling of user-supplied input. Command injection, cross-site scripting, XML External Entity (XXE) injections, and SQL injections all emerge from the ...
Patch Tuesday Update – October 2024
The post Patch Tuesday Update - October 2024 appeared first on Digital Defense ...
Patch Tuesday Update – September 2024
The post Patch Tuesday Update - September 2024 appeared first on Digital Defense ...
Introducing Goffloader: A Pure Go Implementation of an In-Memory COFFLoader and PE Loader
We are excited to announce the release of Goffloader, a pure Go implementation of an in-memory COFFLoader and PE loader. This tool is designed to facilitate the easy execution of Cobalt Strike ...
3CX Phone System Local Privilege Escalation Vulnerability
Overview In an effort to safeguard our customers, we perform proactive vulnerability research with the goal of identifying zero-day vulnerabilities that are likely to impact the security of leading organizations. Recently, we ...
Patch Tuesday Update – August 2024
The post Patch Tuesday Update - August 2024 appeared first on Digital Defense ...
Exploiting Lambda Functions for Fun and Profit
Overview Praetorian recently performed an assessment of a platform responsible for downloading and building untrusted, user-supplied code. The client was concerned about the possibility of attackers leveraging this process to compromise the ...