
Tenable TechBlog

Learn how Tenable finds new vulnerabilities and writes the software to help you find them

    CVE-2024-8182 : Accidental Discovery of an Unauthenticated DoS

    While reviewing some LLM related products with the team, we came across FlowiseAI.
    Joshua Martinelle
    Sep 13, 2024
    IoT firmware emulation and device fingerprinting challenges

    Gathering information on a device could be tricky if you don’t have direct access to exposed services like SNMP, HTTP, FTP, or any other…
    Gabriel Compan
    Aug 6, 2024
    Using conflicting objects in Active Directory to gain privileges

    Why CNF objects may be more dangerous than you think
    Antoine Cauchois
    Jul 31, 2024
    Solidus — Code Review

    As a Research Engineer at Tenable, we have several periods during the year to work on a subject of our choice, as long as it represents an…
    Joshua Martinelle
    Jun 10, 2024
    Stealthy Persistence with “Directory Synchronization Accounts” Role in Entra ID

    “Directory Synchronization Accounts” Entra role is very powerful while being hidden to admins, making it a perfect stealthy backdoor 🙈
    Clément Notin [Tenable]
    Jun 3, 2024
    WordPress : From vulnerability identification to compromising

    WordPress Core is the most popular web Content Management System (CMS). This free and open-source CMS written in PHP allows developers to…
    Joshua Martinelle
    May 29, 2024
    Another Path to Exploiting CVE-2024-1212 in Progress Kemp LoadMaster

    Intro
    Ben Smith
    Apr 2, 2024
    Stealthy Persistence & PrivEsc in Entra ID by using the Federated Auth Secondary Token-signing Cert.

    How attackers can add a 2nd token-signing certificate to an Entra ID federated authentication config for stealthy persistence & privesc 🙈
    Clément Notin [Tenable]
    Jan 31, 2024
    Entra Roles Allowing To Abuse Entra ID Federation for Persistence and Privilege Escalation

    Which Entra ID (ex-Azure AD) roles allow configuring federated authentication, thus allowing persistence and privilege escalation 💥
    Clément Notin [Tenable]
    Jan 9, 2024
    WordPress MyCalendar Plugin — Unauthenticated SQL Injection (CVE-2023-6360)

    WordPress Core is the most popular web Content Management System (CMS). This free and open-source CMS written in PHP allows developers to…
    Joshua Martinelle
    Jan 2, 2024