Part 4.6 - Hunt for Vulnerable Applications & Endpoints

Posted Apr 22, 2024 Updated Aug 16, 2024

By Jinto Antony 1 min read

Vulnerability exploitation is one of the top attack vectors in most high-value breach in recent years. Here are some of the vulnerabilities that grab the headlines.

(RCE) Vulnerability (CVE-2024-3400) In Palo Alto Networks PAN-OS
(RCE) Vulnerability (CVE-2023-3519) in Netscaler ADC (Citrix ADC) and Netscaler Gateway (Citrix Gateway)
(RCE) Vulnerability (CVE-2023-22527) In Confluence Data Center and Confluence Server
(SQL inj) Vulnerability (CVE-2023-34362) MOVEit
Vulnerability(CVE-2023-42659) in Progress (formerly Ipswitch) WS_FTP Server
CVE-2023-29059 3CX (3CXDesktop App) had been trojanized due to a code-level compromise
(RCE) Vulnerability CVE-2022-30190 in Microsoft Windows Support Diagnostic Tool (MSDT)
CVE-2022-47966 is a pre-authentication remote code execution vulnerability in ManageEngine
(RCE) vulnerability (CVE-2021-44228) in Apache’s Log4j software library
CVE-2021-26855 in Microsoft Exchange Servers.

Detect CVE-2024-3400 exploitation in Palo Alto Networks PAN-OS
Detect CVE-2023-22527 exploitation In Confluence Server
Detect CVE-2023-34362 exploitation in MOVEit
Detect CVE-2023-42659 exploitation in WS_FTP Server
Detect CVE-2023-29059 exploitation in 3CX Desktop App
Detect CVE-2022-30190 exploitation in Microsoft Office
Detect CVE-2022-47966 exploitation in ManageEngine
Detect CVE-2021-44228 exploitation in Apache’s Log4j software library
Detect CVE-2021-26855 exploitation in Microsoft Exchange

Detection Engineering - YARA and its Ecosystems, Part 2 - Threat hunting use cases for real world cases

Yara

This post is licensed under CC BY 4.0 by the author.

Detect CVE-2022-47966 exploitation in ManageEngine

Detect CVE-2021-44228 exploitation in Apache’s Log4j software library

Detect CVE-2021-26855 exploitation in Microsoft Exchange

Trending Tags