3CX Phone System Local Privilege Escalation Vulnerability
Overview In an effort to safeguard our customers, we perform proactive vulnerability research with the goal of identifying zero-day vulnerabilities that are likely to impact the security of leading organizations. Recently, we decided to take a look at the 3CX Phone Management System with the goal of identifying an unauthenticated remote code execution vulnerability within […]
Embracing the Future: The Power of a Global Workforce in Cybersecurity
Embracing the Future: The Power of a Global Workforce in Cybersecurity In an era of rapid technological advancement and an ever-evolving threat landscape, the traditional work and talent management paradigms are being redefined. The world has never been more connected, while data, information, and wealth derived from both data and information have never been more […]
Exploiting Lambda Functions for Fun and Profit
Overview Praetorian recently performed an assessment of a platform responsible for downloading and building untrusted, user-supplied code. The client was concerned about the possibility of attackers leveraging this process to compromise the client’s AWS environment or gain access to sensitive data belonging to other users. Their solution to sandboxing untrusted code builds was to perform […]