by Ridge Security Marketing | Dec 23, 2021 | Pen Test Technical Tips
On Oct. 7, 2021, US-CERT (United States Computer Emergency Readiness Team) tweeted, “Active scanning of Apache HTTP Server CVE-2021-41773 & CVE-2021-42013 is ongoing and expected to accelerate, likely leading to exploitation. Please patch immediately if you haven’t...
by Ridge Security Marketing | Dec 14, 2021 | Pen Test Technical Tips
On November 24, 2021, Apache was notified about the Log4j remote code execution vulnerability by the Alibaba Cloud Security team. The vulnerability in the Apache Log4j library has the potential for wide-scale impact and is actively being exploited in...
by Lydia Zhang | Sep 29, 2021 | Pen Test Technical Tips
After studying different vendors’ approaches, here is our summary of how to do SMB OS detection right. With either SMBv1 or SMBv2, both “Session Setup Request” and “NTLMSSP_NEGOTIATE” requests shall be sent. Especially for SMBv1, if only “Session Setup AndX Request”...
by Lydia Zhang | Sep 20, 2021 | Pen Test Technical Tips
The Study of Different Approaches from 4 Well-Known Vendors. You may wonder, “How does a blackbox penetration test tool know about my server information when it only has the server’s IP address?” The secret is a protocol, such as Server Message Block (SMB),...
by Ridge Security Marketing | Sep 10, 2021 | Pen Test Technical Tips
Whether you conduct penetration testing or automated vulnerability scanning, knowing your target is the essential first step. This process or technology is called Asset Profiling. In the asset profiling stage, the most important thing is to recognize the...
by Lydia Zhang | Aug 2, 2021 | Pen Test Technical Tips
Zimbra is an open-source collaborative office suite consisting of webmail, web document creation and management, calendar, and address book, built for the cloud. More than 200,000 companies and over 1,000 governments and financial institutions use Zimbra’s messaging...