Archives: December 2015

Use the X-Forwarded-For Header, Luke: Joomla RCE CVE-2015-8562

Posted on December 17th, 2015

Summary: A recent vulnerability in Joomla (CVE-2015-8562), impacting all versions from 1.5.0 to 3.4.5, has been patched after reports of exploitation in the wild. A new version of Joomla (3.4.6) has been released in response, as well as hotfixes for backdated versions of the software (1.5.x and 2.5.x). Initial reports by Sucuri, of the […]

Next Level Reconnaissance with Shodan and Censys

Posted on December 2nd, 2015

During the initial phases of a penetration test, online resources such as Shodan can serve as a starting point for identifying the technology footprint of your target organization. A new resource has been released, known as Censys.io, that collects data on internet-facing websites and systems through daily ZMap and ZGrab scans of the IPv4 […]