Aggregator

利用 Transfer-Encoded: Chunked 绕过 WAF 的小技巧

There can be barriers to pursuing a career in tech. For many people, the journey isn't straightforward. Many of our Akamai employees have diverse backgrounds and have overcome obstacles to pursue their dream career. Often, the way forward into a...

MLSRC邀你参加OGeek网络安全挑战赛

MLSRC邀你参加OGeek网络安全挑战赛

MLSRC邀你参加OGeek网络安全挑战赛

If you’ve been on social media recently, you’ve probably seen some people in your feed posting images of themselves looking...

The post Downloaded FaceApp? Here’s How Your Privacy Is Now Affected appeared first on McAfee Blog.

Lori Mac Vittie writes for Network Computing, describing why serverless security doesn't have to be a struggle if you pay attention to the apps and focus on securing them.

算法题那么多，我们从简单的讲起......

算法题那么多，我们从简单的讲起......

算法题那么多，我们从简单的讲起......

算法题那么多，我们从简单的讲起......

算法题那么多，我们从简单的讲起......

算法题那么多，我们从简单的讲起......

算法题那么多，我们从简单的讲起......

In this companion podcast, the researchers who created the F5 Labs Application Protection Report discuss their findings, and share the details and backstories that helped shape the final report.

In this companion podcast, the researchers who created the F5 Labs Application Protection Report discuss their findings, and share the details and backstories that helped shape the final report.

內容

在我們進行紅隊演練的過程中，發現目標使用的 Palo Alto GlobalProtect 存在 format string 弱點，透過此弱點可控制該 SSL VPN 伺服器，並藉此進入企業內網。

回報原廠後，得知這是個已知弱點並且已經 silent-fix 了，所以並未有 CVE 編號。經過我們分析，存在風險的版本如下，建議用戶儘速更新至最新版以避免遭受攻擊。

• Palo Alto GlobalProtect SSL VPN 7.1.x < 7.1.19
• Palo Alto GlobalProtect SSL VPN 8.0.x < 8.0.12
• Palo Alto GlobalProtect SSL VPN 8.1.x < 8.1.3

9.x 和 7.0.x 並沒有存在風險。

細節

我們也利用了這個弱點成功控制了 Uber 的 VPN 伺服器，詳細的技術細節請參閱我們的 Advisory： https://devco.re/blog/2019/07/17/attacking-ssl-vpn-part-1-PreAuth-RCE-on-Palo-Alto-GlobalProtect-with-Uber-as-case-study/

附註

這將會是我們 SSL VPN 研究的系列文，預計會有三篇。這也是我們研究團隊今年在 Black Hat USA 和 DEFCON 的演講『 Infiltrating Corporate Intranet Like NSA - Pre-auth RCE on Leading SSL VPNs 』中的一小部分，敬請期待！