all InfoSec news
How I Exploited A VPN To PWN A Company
July 25, 2022, 12:33 p.m. | Dhanesh Dodia
Hacker Noon - cybersecurity hackernoon.com
The following are the vulnerabilities chained during an RTO:
1. Pre-Auth Arbitrary File Reading - CVE-2019–11510
2. Post-Auth Cross-Site Scripting - CVE-2019–11507
3. Post-Auth(admin) Command Injection - CVE-2019–11539
4. Missing Brute Force Prevention on Authentication
5. Weak Password Policy
cloud security cybersecurity ethical hacking hackernoon-top-story information security information technology mitre-attandck red team vpn
More from hackernoon.com / Hacker Noon - cybersecurity
6 GitHub Repos for DevSecOps in 2024
2 days, 21 hours ago |
hackernoon.com
GenAI - Soon to Be Great for Automating Dumb Attacks
1 week, 1 day ago |
hackernoon.com
Jobs in InfoSec / Cybersecurity
SOC 2 Manager, Audit and Certification
@ Deloitte | US and CA Multiple Locations
Cyber Systems Administration
@ Peraton | Washington, DC, United States
Android Security Engineer, Public Sector
@ Google | Reston, VA, USA
Lead Electronic Security Engineer, CPP - Federal Facilities - Hybrid
@ Black & Veatch | Denver, CO, US
Profissional Sênior de Compliance & Validação em TI - Montes Claros (MG)
@ Novo Nordisk | Montes Claros, Minas Gerais, BR
Principal Engineer, Product Security Engineering
@ Google | Sunnyvale, CA, USA