If you’re in enterprise security, chances are you’re familiar with F5 BIG-IP and CVE-2020-5902. Used by 45% of Randori customers and thousands of organizations, it’s a very common network appliance family and is famous for having ruined the July 4th plans of many security engineers and network administrators.
If you were one of the many folks this weekend trying to figure out if you had a F5 BIP, if so how many, if the administration interface was exposed to the internet, if you knew where the logs were going and if you had enough visibility to know if it was being actively exploited you got pulled into a scramble and frankly… You f*cke up a long time ago.
The Randori Attack Team has successfully developed a POC for CVE-2020-2021 and has been able to confirm the severity of the vulnerability in local test and production environments.
At Randori, one way our automated attack platform operates is by bridging docker containers into remote network environments. The actual operation of this system is outside the scope of this article, but in short, a series of network tunnels within network tunnels provides us with a container with network traffic fully (and only) emerging into a remote network.
The second challenge I made for the https://derpcon.io CTF (read about the first challenge here) was a medium difficulty challenge starting at https://derp.randori.com. The idea was to utilize some modern reconnaissance techniques and hide in plain sight, similar to system configurations I have seen in the past.
I had the opportunity to make a couple challenges for the https://derpcon.io/ CTF. I had fun making the challenges, so I figured I would drop some quick notes here about how I would have gone about solving them.
It’s difficult to put into words just how excited I am to be able to share this news — we just raised $20M in series A funding led by Harmony Partners and our existing investors Accomplice, .406 Ventures and Legion Capital.
After two years of development, we’re thrilled to share with you big news: today, we’re unveiling the Randori Attack Platform, the industry’s first automated attack platform.
On December 17, 2019, Citrix disclosed an unauthenticated remote code execution (RCE) vulnerability in Citrix Application Delivery Controller (ADC) and Citrix Gateway, assigned CVE-2019-19781.
At Randori, we recommend assessing risk by evaluating your network the same way an attacker would. But, what does that actually mean, and how does an attacker lens differ from a traditional defenders’ approach?