Blog (FR)

Penetration Testing To Prevent API Attack

27.mai.2022

Anthony Ippolito, Security Consultant, Outpost24

This blog describes the attack path we have uncovered during a recent penetration test of a web application, coupled with a back-end infrastructure assessment. Throughout we introduce different attack techniques and tools that can be used to attack the underlying infrastructure and APIs of a web application.

Opensource from hell: malicious JavaScript distributed via opensource libraries, again

17.mar.2022

Martin Jartelius, CSO, Outpost24

It’s open source, anyone can audit it, but is it safe? In this blog our CSO explores why distribution of malicious scripts via libraries is causing a stir amongst the open-source community and how you can defend against it.

Conveniently insecure: the tradeoff between security and convenience

21.fév.2022

Martin Jartelius, CSO, Outpost24

When it comes to making business decisions about new technologies and software adoption into your organization – it’s vital to work with your security team to balance the need for speed without sacrificing security. Being the go-to person for IT security controls, our Group CSO, Martin Jartelius explains how he approaches this by playing ‘devil’s advocate’ to assess if the technology that makes the business operate better and faster is really worth the risks it comes bundled with.

Alice in Windowsland: 3 ways to escalate privileges and steal credentials

01.oct.2021

Liatsis Fotios, Senior Security Consultant

Read how our red team used different attack techniques to hack AppLocker restrictions by implementing escalated privileges and reusing the Credentials Manager to extract stored data and Azure information.

Multiple vulnerabilities discovered in Pyrescom Termod4 smart device

29.jan.2021

Hugo van den Toorn and Jonas Mattsson

Read how our red team outsmarted a smart time management device and discovered CVE-2020-23160, CVE-2020-23161 and CVE-2020-23162

Social distancing times are social engineering times

12.juin.2020

Martin Jartelius, CSO, Outpost24

Recently, we encountered an attacker who had taken efficient spear-phishing to an interesting and increased level of consistency and automation. We’ve also seen firsthand the speed at which this attacker learned from some initial mistakes to launch their successful attack which we identify in the examples in this blog.

Responsible disclosure: Multiple stored XSS vulnerabilities discovered in ServiceNow ITSM by Outpost24

05.mai.2020

Hugo van den Toorn, Manager Offensive Security at Outpost24

During a web application pentest by our Ghost Labs OffSec team in March last year, we discovered multiple stored cross-site scripting vulnerabilities on the widely popular ServiceNow IT Service Management software. After informing our customers, we reached out to the vendor (ServiceNow). In collaboration with them, the vulnerabilities are quickly triaged and remediated in later versions of the product. To remediate we urge users of the ServiceNow platform to upgrade to the latest stable version. We would like to thank ServiceNow’s security team for their swift and adequate response.

Tools of the trade: PiPlant, dropping it like it’s hot

23.oct.2019

Hugo van den Toorn, Manager Offensive Security at Outpost24

In this blog I will share why we use hardware implants for our Red teaming and physical penetration tests, how they work and how we make them.

Vulnerabilities discovered by Outpost24 in Oracle WebCenter Sites

07.aoû.2019

Jonas Mattsson, Ghost Labs

This post explains how the vulnerabilities in Oracle Webcenter Site were found and how they can be exploited.

Vulnerability discovered in gSOAP by Outpost24

01.avr.2019

Kristian Varnai Pettersson, Senior Security Consultant at Ghost Labs by Outpost24

When performing a penetration test, there is usually something to be found and reported on. Every once in a while, there’s a client with such great security posture that there are simply no major issues in their web application. When this happens, it can mean only one thing: we need to go deeper!