Security Blog

Cybersecurity knowledge and tools from the Praetorian team.
Labs in CVE

Refresh: Compromising F5 BIG-IP With Request Smuggling | CVE-2023-46747

by Michael Weber and Thomas Hendrickson on October 26, 2023

Overview

In an effort to safeguard our customers, we perform proactive vulnerability research with the goal of identifying zero-day vulnerabilities that are likely to impact the security of leading organizations. We decided to focus on the F5 BIG-IP suite, as F5 products are fairly ubiquitous among large corporations. We targeted the F5 BIG-IP Virtual Edition […]