Payload detection WAF challenge

One of the things that we implemented early on in our lab is a semi-automated process of collecting new payloads, exploits and bypass techniques from public feeds (including Twitter) and checking whether our current WAF solutions can detect them. The Go Test WAF. Introduction: What if we can test their essential capability of payload detection with …

Vulners weekly digest #14

There are 4 sections: Vulnerabilities, Tools, News, Research. Vulnerabilities: Not so long ago, the 0-day vulnerability CVE-2019-19781 in Citrix ADC and Citrix Gateway was discussed; it went unnoticed for at least a month and was used by various hacker groups. This week, Citrix released security updates for Citrix ADC, Citrix Gateway and Citrix SD-WAN …

Vulners weekly digest #13

There are 4 sections: Vulnerabilities, Tools, News, Research. Vulnerabilities: Vulnerability CVE-2020-5902 in F5 BIG-IP received a CVSS score of 10. Exploiting the vulnerability allows executing commands on behalf of an unauthorized user and completely compromising the system, for example, intercepting the traffic of web resources controlled by the controller. Multiple vulnerabilities in popular remote desktop …