Over the weekend, multiple researchers published PoCs for CVE-2022-1388. Attackers have already begun exploiting this flaw. Organizations are urged to ...May 9, 2022
My blog post on the F5 BIG-IP auth bypass issue is live! Still working on an in-depth rundown for an AttackerKB post, so keep your eyes out for that o ...May 9, 2022
CVE-2022-1388. This vulnerability affects the BIG-IP iControl REST authentication component and allows remote threat actors to bypass authentication a ...May 9, 2022
I don't understand how knowing the origin IP can help you exploit that reflected XSS. A better example would have been a server-side vulnerability.
A ...May 9, 2022
Read crowdsource hacker @hakluke documenting Hakoriginfinder, a new tool for bypassing WAFs by discovering the origin host behind a reverse proxy. #WA ...May 9, 2022
#HackTheBox Unicode is now up! Was a fun box that involved exploiting a Claim Misuse vulnerability in a JWT, and some unicode normalization to bypass ...May 7, 2022
F5, Cisco admins: Stop what you're doing and check if you need to install these patches -- BIG-IP iControl authentication bypass, NFV VM escape, and m ...May 7, 2022
CVE-2022-1388: Critical security vulnerabilities in F5 Big-IP allow attackers to execute arbitrary code: On May 5, 2022, MITRE published CVE-2022-138 ...May 6, 2022
WAF-A-MoLE
A guided mutation-based fuzzer for ML-based Web Application Firewalls.
Given an input SQL injection query, it tries to produce a semantic ...May 6, 2022
F5, Cisco admins: Stop what you're doing and check if you need to install these patches: BIG-IP iControl authentication bypass, NFV VM escape, and mor ...May 6, 2022
New blog from @tenablesecurity Response Team, F5 issues patch for Critical Authentication Bypass Vulnerability. Also number of times I've already writ ...May 6, 2022
F5, Cisco admins: Stop what you're doing and check if you need to install these patches
BIG-IP iControl authentication bypass, NFV VM escape, and mor ...May 6, 2022