Archives: December 2015
Use the X-Forwarded-For Header, Luke: Joomla RCE CVE-2015-8562
Posted on December 17th, 2015
Summary: A recent vulnerability in Joomla (CVE-2015-8562) has been patched after reports of exploitation occurring in the wild impacting all versions from 1.5.0 to 3.4.5. A new version of Joomla (3.4.6) has been released in response, as well as hotfixes for backdated versions of the software (1.5.x and 2.5.x). Initial reports by Sucuri, of the […]

Next Level Reconnaissance with Shodan and Censys
Posted on December 2nd, 2015
During the initial phases of a penetration test, online resources such as Shodan can serve as a starting point to identifying the technology footprint of your target organization. A new resource has been released, known as Censys.io, that collects data on internet facing websites and systems through daily ZMap and ZGrab scans of the IPv4 […]