Late last year a new remote code execution vulnerability was discovered in Fortinet’s SSLVPN service. Given the relative lack of information surrounding it at the time, and the fact I’d have some uninterrupted research time due to a lengthy flight, I decided to attempt to produce a POC for the vulnerability. Background information I started … Continue reading Producing a POC for CVE-2022-42475 (Fortinet RCE)

The correct IP address is sometimes all you need to exploit a remote target. Background I realise this article will not help me with my colleagues who believe I just happen to get lucky on every assessment I’m on. Nevertheless, during a recent internal pentest, our first objective was to attempt to bypass the Network … Continue reading Exploiting stale ADIDNS entries