#paloaltounit42 — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #paloaltounit42, aggregated by home.social.
-
That JavaScript JWT "vulnerability"?
Nope 🙅
Exploiting this requires a deserialization bug in an app using the library, or for an attacker to be able to control the code directly (at which point they have RCE already).
Not CVSS 7.6, by any means: it requires an app to be dangerously deserializing untrusted input into a field for security token validation! Most apps hardcode a string.
This is CVSS 0.
This bug is not a vulnerability.
-
Cobalt Strike Analysis and Tutorial: Identifying Beacon Team Servers in the Wild.
https://unit42.paloaltonetworks.com/cobalt-strike-team-server/