From POC to RCE with reverge Last month, Securifera publicly launched our attack surface management tool, reverge, on the AWS Marketplace. While we’re still planning to publish blog posts and videos to guide users through setup and usage, we wanted to give an example of what reverge can do by demonstrating how [...]
Introducing Reverge: An Attack Surface Management Platform by Securifera In today’s complex digital ecosystems, organizations struggle to maintain visibility over sprawling infrastructure, cloud services, and third-party integrations. Traditional vulnerability management tools often fall short in providing real-time, actionable insight into an organization's external exposure. That’s why we’re excited to introduce Reverge, Securifera’s [...]
This article is in no way affiliated, sponsored, or endorsed with/by Vocera Communications or Stryker Corporation. All graphics are being displayed under fair use for the purposes of this article. Quest for RCE Last year during a routine penetration test, our team came across a interesting target called Vocera Report Server [...]
This article is in no way affiliated, sponsored, or endorsed with/by Siemens Healthineers or Microsoft Corporation. All graphics are being displayed under fair use for the purposes of this article. Last year I spent some time looking for vulnerabilities in a commercial cardiovascular imaging web application called Syngo Dynamics. This product is [...]
This article is in no way affiliated, sponsored, or endorsed with/by Fidelis Cybersecurity. All graphics are being displayed under fair use for the purposes of this article. Operation Eagle Eye Who remembers that movie about 15 years ago called Eagle Eye? A supercomputer has access to massive amounts of data, introduce [...]
This article is in no way affiliated, sponsored, or endorsed with/by MesaLabs. All graphics are being displayed under fair use for the purposes of this article. During a recent assessment, multiple vulnerabilities of varied bug types were discovered in the MesaLabs AmegaView Continous Monitoring System, including command injection (CVE-2021-27447, CVE-2021-27449), improper authentication (CVE-2021-27451), [...]
This article is in no way affiliated, sponsored, or endorsed with/by Citrix Systems, Inc. All graphics are being displayed under fair use for the purposes of this article. Hacking Citrix Storefront Users With the substantial shift from traditional work environments to remote/telework capable infrastructures due to COVID-19, products like Citrix [...]
**Securifera is in no way affiliated, sponsored, or endorsed with/by BMC. All graphics produced are in no way associated with BMC or it's products and were created solely for this blog post. All uses of the terms BMC, PATROL, and any other BMC product trademarks is intended only for identification purposes and is to [...]
A 3D Printed Shell With 3D printers getting a lot of attention with the COVID-19 pandemic, I thought I'd share a post about an interesting handful of bugs I discovered last year. The bugs were found in a piece of software that is used for remotely managing 3D printers. Chaining these vulnerabilities [...]
403 to RCE in XAMPP Some of the best advice I was ever given at how to become more successful at vulnerability discovery is to always try and dig a little deeper. Whether you are a penetration tester, red teamer, or bug bounty hunter, this advice has always proven true. Far too [...]
