N-Able Windows Software Probe Remote Code Execution Recently I was performing a penetration test using Reverge when an interesting service caught my attention. The banner reported “ms .net remoting services” listening on port 10004. For those unfamiliar, .NET Remoting is an older Microsoft framework that allows applications to expose [...]
Introducing the Reverge AI Assistant This month, we rolled out one of reverge's most anticipated features: an integrated AI assistant that transforms how reverge users can interact with the platform. While AI tools have become commonplace in many industries, we trained reverge's AI assistant specifically for the unique challenges of attack surface [...]
What are reverge collectors? Collectors serve as the distributed job engine for the reverge platform. Operating as a remote collection agent, it receives scanning tasks from the reverge server and executes various tools. This client-server architecture enables scalable reconnaissance operations across multiple environments while maintaining centralized coordination and data aggregation. [...]
From POC to RCE with reverge Last month, Securifera publicly launched our attack surface management tool, reverge, on the AWS Marketplace. While we’re still planning to publish blog posts and videos to guide users through setup and usage, we wanted to give an example of what reverge can do by demonstrating how [...]
Introducing Reverge: An Attack Surface Management Platform by Securifera In today’s complex digital ecosystems, organizations struggle to maintain visibility over sprawling infrastructure, cloud services, and third-party integrations. Traditional vulnerability management tools often fall short in providing real-time, actionable insight into an organization's external exposure. That’s why we’re excited to introduce Reverge, Securifera’s [...]
This article is in no way affiliated, sponsored, or endorsed with/by Okta, Inc. All graphics are being displayed under fair use for the purposes of this article. Poppin shells with Okta Verify on Windows These days I rarely have an opportunity to do bug hunting. Fortunately, over the holiday break, I [...]
This article is in no way affiliated, sponsored, or endorsed with/by ScienceLogic, Inc. All graphics are being displayed under fair use for the purposes of this article. Just another Day About a year ago I came across an interesting target during a pentest that piqued my interest. This led to independent [...]
This article is in no way affiliated, sponsored, or endorsed with/by Vocera Communications or Stryker Corporation. All graphics are being displayed under fair use for the purposes of this article. Quest for RCE Last year during a routine penetration test, our team came across a interesting target called Vocera Report Server [...]
This article is in no way affiliated, sponsored, or endorsed with/by Siemens Healthineers or Microsoft Corporation. All graphics are being displayed under fair use for the purposes of this article. Last year I spent some time looking for vulnerabilities in a commercial cardiovascular imaging web application called Syngo Dynamics. This product is [...]
403 to RCE in XAMPP Some of the best advice I was ever given at how to become more successful at vulnerability discovery is to always try and dig a little deeper. Whether you are a penetration tester, red teamer, or bug bounty hunter, this advice has always proven true. Far too [...]
