Log4j vulnerability: Lessons learned in a week
Introduction: In this blog post, Praetorian reflects on customer challenges, successes, and lessons learned from our part in the industry-wide Log4j response. Background: On the Friday evening of December 10th, Praetorian research and development teams sprang into action, confirming vulnerable systems or exposed vulnerable endpoints for a large number of organizations. It is our belief […]
Log4j Update: False Negatives and Additional Recommendations
We had a busy weekend here at Praetorian. Following the initial disclosure of the Log4j (Log4Shell)* vulnerability, we added a capability to identify the issue to our attack surface enumeration tool. As we scanned production environments for the vulnerability over the weekend, we learned a lot more about how the issue can actually look in […]
Log4j: It’s worse than you think
On December 9th, 2021, a new 0-day vulnerability in the popular Java logging package log4j v2.x was announced. The vulnerability is particularly unpleasant because exploitation frequently requires only the ability to cause the system to log an attacker-controlled string to a vulnerable logging instance. Thus, the routes of exploitation are broad and often require […]
CIS Controls Version 8 Overview: Bye-Bye “Top 20”
The Center for Internet Security (CIS) has just released Version 8 of their popular security controls. With this version, the “Top 20” moniker has been dropped and the list of controls reduced to 18. Version 8 is a major update to the Safeguards, builds on some of the new features in Version 7.1 (Implementation […]
Attacking and Defending OAuth 2.0 (Part 2 of 2: Attacking OAuth 2.0 Authorization Servers)
Introduction: The OAuth 2.0 authorization framework is designed to improve security by delegating limited access to third parties without sharing credentials. In our previous blog post on OAuth 2.0, we discussed how OAuth 2.0 implementations should be secured. Unfortunately, it is common for vulnerabilities to be introduced in OAuth 2.0 implementations, particularly on the side of […]
The Elephant in the Room: Why Security Programs Fail
As a Principal with Praetorian, I’ve had the privilege of working with hundreds of clients, from fast-growth startups to Fortune 500 giants. As we’ve performed red team exercises simulating an advanced persistent threat against our clients, I’ve seen that (much) more often than not we are able to compromise their “crown jewels.” In several […]
A simple and effective way to detect Broadcast Name Resolution Poisoning (BNRP)
A natural question that arises after an organization experiences a BNRP attack is “How can this be prevented?” The answer is simple on paper. To completely mitigate the risk, legacy Broadcast Name Resolution protocols should be disabled by policy. This is easier said than done, especially on large networks where the necessary data flows of […]
Alibaba Cloud Cross Account Trust: The Confused Deputy Problem
In this second blog post in our series on cross-account trust, we explore Alibaba Cloud and the security implications of their trust model.
Google Cloud Platform (GCP) Service Account-based Privilege Escalation paths
This article examines a Google Cloud Platform (GCP) risk scenario, in which a malicious user can use their privileges in a compromised service to further escalate their privileges.
NIST Cybersecurity Framework Vignettes: Broadcast Name Resolution Poisoning
Our NIST Cybersecurity Framework Vignettes series focuses on the best applications of NIST CSF for your organization. This article addresses the tactic of Broadcast Name Resolution Poisoning.