Blog

A Deep Dive Into Three Popular CVE-2019-3396 PoCs Used in Confluence Attacks

A Deep Dive Into Three Popular CVE-2019-3396 PoCs Used in Confluence Attacks

When a new CVE comes out there is a dilemma between releasing and not releasing proof of concepts (PoCs). This dilemma is exacerbated by the potential impact of the vulnerability. Nothing illustrates this more than the anticipation surrounding BlueKeep, a vulnerability if exploited with RCE that could have major impacts. To date, there have been […]

Read More…

Anatomy of a Redis Exploit

Anatomy of a Redis Exploit

Photo by Sonja Langford on Unsplash At Lacework Labs we have been setting up honeypots as part of our ongoing research into securing public cloud infrastructure. Recently we noticed one of our Redis honeypots was compromised. We were running a stock version of Redis which allowed inbound connections. During our monitoring, a cryptocurrency mining botnet […]

Read More…