It always makes me smile when I see a security start-up or a research team use the phrase "Not all vulnerabilities are created equal," because #AttackerKB has been using that phrase since early 2020. I doubt we were the first, but it's entertaining to see it echoed so many places these days. It's hard not to be derivative pretty much anywhere on the internet, but the volume of copycat language I'm seeing pop up generally in EASM and intelligence marketing materials is kinda disappointing. Folks in this industry are smart and creative and fully capable of creating original messaging, you know? Ah, well. https://attackerkb.com/about
About | AttackerKB

Not all vulns are created equal.

AttackerKB
We try! I also try to tag #AttackerKB here when I post something, in case you want to follow that hashtag :)

Published a detailed #AttackerKB writeup for the #Juniper J-Web vuln from a couple weeks ago - CVE-2023-36844 (and friends). It's largely based on the public #PoC from Watchtowr, but I took it a step further and showed how to break out of the BSD jail to access the OS.

Enjoy!

https://attackerkb.com/topics/1PKX0CCXkX/cve-2023-36844/rapid7-analysis

rbowes-r7's assessment of CVE-2023-36844 | AttackerKB

The work done by watchTowr and later VulnCheck is super cool, and outlines different great ways to exploit the vulnerability (we based the Rapid7 Analysis on w…

Posted a technical #AttackerKB #writeup of CVE-2022-47986 (CVE_2022_47986 / #CVE202247986), a #Ruby #deserialization #vulnerability in IBM's Aspera software, which runs on a humorously old version of Ruby:

https://attackerkb.com/topics/jadqVo21Ub/cve-2022-47986/rapid7-analysis?source=mastodon

CVE-2022-47986 | AttackerKB

On January 26, 2023, IBM posted an advisory for multiple security issues affecting its Aspera Faspex software. The most critical of these is CVE-2022-47986, wh…

CVE-2022-47966 | AttackerKB

Description: CVE-2022-47966 is an unauthenticated remote code execution vulnerability that affects two dozen Zoho ManageEngine products, including ADSelfServ…

Wrote up a pair of #AttackerKB entries for the two vulnerabilities in #F5 #BigIP that we released today (largely the same as the blog, but more focus on technical and less on the story):

https://attackerkb.com/topics/i21EbdNxks/cve-2022-41622/rapid7-analysis

https://attackerkb.com/topics/ZClTQn4aG4/cve-2022-41800/rapid7-analysis

CVE-2022-41622 | AttackerKB

On November 16, 2022, F5 released an advisory in F5 Big-IP related to several vulnerabilities, including CVE-2022-41622, which is a cross-site request forgery …
