[Blog] CVE-2024-21378 – Microsoft Outlook Remote Code Execution
How we discovered & were able to exploit this vulnerability: ow.ly/L29F50QQ7s4
Written by: Rich Wolferd, NetSPI’s Director of Red Team Operations & Nick Landers @monoxgas
NetSPI
6,467 posts
NetSPI
@NetSPI
The Proactive Security Solution | Securing the most trusted brands on Earth
#PenetrationTesting #proactivesecurity
- Introducing the NetSPI SQL Injection Wiki! Our security consultants wanted everything they'd need to know about SQL Injections in one place and that's exactly what they created. Check it out: sqlwiki.netspi.com
- NEW BLOG! @0xbadjuju released a mini-blog sharing a technique to load a .Net Assembly without having to call the suspicious Assembly.LoadFile() or Assembly.Load() Functions. Check it out here: blog.netspi.com/net-reflection…
- Here are a few methods to elevate privileges and retrieve passwords from PXE boot images thanks to @thomas_elling. Learn more from his recent blog post: blog.netspi.com/attacks-agains…
- NEW BLOG! Learn how to escape NodeJS sandboxes by understanding the internals of the interpreter in Lars Sorenson's newest blog. Read more: blog.netspi.com/escape-nodejs-… #TeamNetSPI
- Microsoft recently announced support for #Python in Excel — and our Senior Security Consultant James Williams quickly began experimenting with how this new functionality could be leveraged for #RedTeamOperations. See the results: ow.ly/kUFg50PZQxH
- NetSPI Practice Director, @kfosaaen, discusses lateral movement in Azure App Services in his latest blog post. Read it now: ow.ly/8mru50B2ya4 #WebApp #Azure #AppSec #ApplicationSecurity
- Introduction to Hacking Thick Clients Part 2 is now available! In this post, NetSPI's Austin Altmann covers network testing in thick client applications and how it’s performed on different architectures. Read it now - blog.netspi.com/introduction-t…
- New blog post from NetSPI: Java Deserialization Attacks with Burp ift.tt/1Si2EgT
- NetSPI Practice Director, @kfosaaen recently contributed to the newly released #BloodHound 4.0 by @SpecterOps Read more about the latest release here: ow.ly/Fxm750CuHMj #Azure #CyberSecurity #InfoSec
- New Blog! @kfosaaen has previously covered different domains/subdomains for Azure services, but in this new post he focuses on finding existing Azure subdomains as part of the recon process. Read more here: blog.netspi.com/enumerating-az…
- NetSPI and @VitreusChain collaborated on the recent discovery of a significant security flaw that was quickly remediated for more secure #Web3 technologies. Thanks for the highlight, Vitreus!📣 CRITICAL SECURITY UPDATE (Remediated ✅) “Web3 in Peril: Astonishing Security Flaw Uncovered by NetSPI and VITREUS” 1/2 Details below 👇🏼👇🏼 finance.yahoo.com/news/web3-peri…
- New blog post from NetSPI: Auto-Dumping Domain Credentials using SPNs, PowerShell Remoting, and Mimikatz ift.tt/1IDx9ux
- Did you miss the release of @0xbadjuju's Tokenvator Wiki this year? The Tokenvator is a small tool to alter privileges on the Windows. Check out the wiki here: github.com/0xbadjuju/Toke…
