Topic: Attack and vulnerability research
Exploiting default cloud configurations for fun and profit
Don’t rely on the default configuration for cloud services. Accenture shows how an "out-of-the-box" AWS configuration might leave your resources unprotected.
Discovering and Exploiting Multiple Vulnerabilities in Avaya Aura
Accenture supports discovering and exploiting 0-day vulnerabilities in Avaya to breach the perimeter in an Adversary Simulation. Read more.
Red teaming Jenkins with the Jenkins Attack Framework
Accenture Jenkins Attack Framework (JAF) is an internally developed red teaming tool for interacting with Jenkins build servers. Read more.
The future of Bugtraq
In April 2020, Accenture acquired the Bugtraq mailing list to stabilize the platform and return it to healthy operations. Read how.
Discovering, exploiting and shutting down a dangerous Windows print spooler vulnerability
In May 2020, FusionX reported a vulnerability in the Windows Print Spooler service to the Microsoft Security Response Center. Read more.
An exploitation case study of CVE-2020-1062, a use-after-free vulnerability in IE11
Accenture's blog shares an exploitation exercise for CVE-2020-1062, a recent Internet Explorer (IE) use-after-free (UAF) vulnerability. Read more.
Exploiting an arbitrary file move in Symantec Endpoint Protection (CVE-2020-5825)
A vulnerability exists in one of the RPC endpoints exposed by a Symantec Endpoint Protection (SEP) userland service, which can be exploited. Read more.
Microsoft + Adobe font library from legacy architecture = Exploit in wild
In March 2020, Microsoft released details about two separate remote code execution vulnerabilities that threat actors were exploiting in the wild. Learn more.
CLRvoyance: Loading managed code into unmanaged processes
Accenture's blog explains CLRvoyance, a new tool for loading managed code or assemblies into unmanaged processes. Read more.
Mobile security threats exposed at BlackHat 2018 and DEFCON 26
Mobile technologies continue to receive scrutiny as research exposes the insecurity of various aspects of the mobile landscape. Read more.
MELTDOWN/SPECTRE Security Alert
In January 2018, researchers discovered two major vulnerabilities in microprocessor design called Meltdown and Spectre. Learn more.
Subscribe to Accenture's Cyber defense blog Subscribe to Accenture's Cyber defense blog
Follow us: Follow us: