@Horizon3ai Attack Team | Security Research | Exploit Dev | TTPs

Joined December 2021
CVE-2023-27524, a dangerous default configuration in #Apache #Superset, allows an unauth attacker to: 🔺 Gain RCE 🔺 Harvest Creds 🔺 Compromise Data. We estimate there are roughly 2K+ servers on the Internet affected by this issue. horizon3.ai/cve-2023-27524-i…
CVE-2023-27350, affecting #PaperCut’s enterprise print mgmt software, enables an unauth attacker to achieve RCE as SYSTEM. See our latest blog which details: 🔺 Analyzing the Patch 🔺 Developing an Exploit 🔺 Indicators of Compromise 🔺 Shodan Exposure horizon3.ai/papercut-cve-202…
The recent #Veeam vuln, CVE-2023-27532, enables an unauth attacker to interact with an API to obtain creds as well as RCE as SYSTEM. Our blog detailing the research and process of adapting the exploit to be cross-platform as well as the POC to dump creds: horizon3.ai/veeam-backup-and…
This is made possible by the great prior research of @HuntressLabs, @Y4er_ChaBug, @codewhitesec!
CVE-2022-39952, announced today, allows for unauthenticated RCE against #Fortinet FortiNAC as the root user. Blog post and POC to be released soon. See Fortinet's PSIRT: fortiguard.com/psirt/FG-IR-2…
Exploitation of multiple vulnerabilities affecting #VMware vRealize Log Insight leads to unauth RCE 🔺 CVE-2022-31704, CVE-2022-31706, CVE-2022-31711 🔺 IOC Blog tomorrow 🔺 POC / Deep-Dive Blog next week. See VMware Security Advisory: vmware.com/security/advisori…
Reproducing the recent #ManageEngine CVE-2022-47966 pre-auth RCE, which affects nearly all of their products, has definitely been eye-opening about some recent SAML research that flew under our radar. POC and blog to come. Credit to the original researcher @_l0gg, nice find!
Horizon3 Attack Team retweeted
Another memory corruption bug in latest #Fortinet SSL VPN. Looks like a simple DOS for now, but more investigation is needed.
Yesterday at #Pwn2Own @JamesHorseman2 and @hacks_zach successfully demonstrated a 0-day they discovered for a Lexmark printer to play a song using toner beeps!
Highlights from Day 1 of #Pwn2Own Toronto 2022: Zach Hanley and James Horseman from the Horizon3 AI team vs the #Lexmark printer #ItsAMe
Check out next week as @JamesHorseman2 and @hacks_zach will participate in their first #Pwn2Own!
Very excited that @JamesHorseman2 and I will be participating in our first #Pwn2Own in Toronto next week! It’s been an interesting couple months, some lessons learned, looking forward to meeting other researchers, and sharing our research when we can!