Aliz Hammond

Why It's Not Worth Goading Us On A Friday - CVE-2022-36537 At Scale

At watchTowr, the security of our client's external systems is of priority. And as hackers, bugs are our passion. It's our job to understand emerging weaknesses, vulnerabilities and misconfigurations - and quickly translate that knowledge into an answer to the question of "how does this impact our clients?". Through our

Text4Shell++ - Where There’s Smoke, There’s Fire

(Or at least some ash) As part of our Attack Surface Management capabilities delivered through the watchTowr [https://www.watchtowr.com] Platform, we analyse vulnerabilities in technology that is likely to be prevalent across the attack surfaces of our clients. This enables proactive defense for organisations leveraging the watchTowr Platform,

OpenSSL 3.0.7 - Otherwise Known As, The Hype That Was Not

Finally, it is midnight (in my timezone, at least) and the wait is over - OpenSSL have published details of their second ever critical severity, nope high-severity (**amended after disclosure), security vulnerability - tracked as CVE-2022-3786 and CVE-2022-3602. The details published by OpenSSL can be found here: CVE-2022-3786 and CVE-2022-3602:

CVE-2022-44889 - Text4Shell Analysed

As part of our Attack Surface Management capabilities delivered through the watchTowr [https://www.watchtowr.com] Platform, we analyse vulnerabilities in technology that is likely to be prevalent across the attack surfaces of our clients. This enables our ability to rapidly PoC and identify vulnerable systems across large attack surfaces.

All Around The World: The Common Crawl Dataset

At watchTowr [https://www.watchtowr.com], we're big believers that data is power, and ultimately data drives security initiatives - like Attack Surface Management, which we then use to power continuous security testing within the watchTowr Platform [https://www.watchtowr.com]. Who remembers the pre-Google days of searching the web

Seasons In The Abyss - Diving into OpenVPN Access Server

Here at watchTowr, we like to proactively audit security-critical codebases which we notice our clients rely on. This feeds our ability to keep external attack surfaces secure, as we can find and fix vulnerabilities before exploitation can affect our clients. Typically, during these audits, we are concerned with high-impact, 'world-ending'

1x Enterprise IAM vs 1x Slanty Boi

OpenAM CVE-2022-34298 As part of our Attack Surface Management capabilities delivered through the watchTowr Platform, we perform zero-day vulnerability research in prevalent technology that we see across the attack surfaces of our clients. This enables proactive defense for organisations leveraging the watchTowr Platform, and gives forward visibility of vulnerabilities while