Tenable TechBlog
Learn how Tenable finds new vulnerabilities and writes the software to help you find them
Another Path to Exploiting CVE-2024-1212 in Progress Kemp LoadMaster
Intro
Ben Smith
Apr 2
Stealthy Persistence & PrivEsc in Entra ID by using the Federated Auth Secondary Token-signing Cert.
How attackers can add a 2nd token-signing certificate to an Entra ID federated authentication config for stealthy persistence & privesc 🙈
Clément Notin [Tenable]
Jan 31
Entra Roles Allowing To Abuse Entra ID Federation for Persistence and Privilege Escalation
Which Entra ID (ex-Azure AD) roles allow configuring federated authentication, thus allowing persistence and privilege escalation 💥
Clément Notin [Tenable]
Jan 9
WordPress MyCalendar Plugin — Unauthenticated SQL Injection (CVE-2023-6360)
WordPress Core is the most popular web Content Management System (CMS). This free and open-source CMS written in PHP allows developers to…
Joshua Martinelle
Jan 2
Code for Reading Windows Serialized Certificates
What are Windows “serialized certificates” found on disk? Which CryptoAPI function to open them? Why can’t we enumerate them sometimes?
Clément Notin [Tenable]
Jul 5, 2023
WordPress BuddyForms Plugin — Unauthenticated Insecure Deserialization (CVE-2023-26326)
WordPress Core is the most popular web Content Management System (CMS). This free and open-source CMS written in PHP allows developers to…
Joshua Martinelle
Mar 7, 2023
How to pass Snowflake Snowpro Core exam?
Introduction
Tom Milner
Feb 23, 2023
Multiples WordPress plugins CVE analysis
WordPress Core is the most popular web Content Management System (CMS). This free and open-source CMS written in PHP allows developers to…
Joshua Martinelle
Jan 24, 2023
Silo, or not silo, that is the question
Is putting most of the critical assets in a silo a good practice or does it lower your security level? Example with a WSUS.
Gabriel Compan
Jan 18, 2023
SMB “Access is denied” Caused by Anti-NTLM Relay Protection
Explanations of the “Microsoft network server: Server SPN target name validation level” hardening policy: what it does, how to…
Clément Notin [Tenable]
Jan 11, 2023