Randori and IBM Plan to Join Forces to Tackle Growing Attack Surface Risks

Randori Blog

Discover more through Randori’s Security Blog Library

Recent Posts:

Exploiting BIG-IP: Deconstructing This Simple But Effective RCE

If you’re in enterprise security, chances are you’re familiar with F5 BIG-IP and CVE-2020-5902. Used by 45% of Randori customers and thousands of organizations, it’s a very common network appliance family and is famous for having ruined the July 4th plans of many security engineers and network administrators. 

Read More »

Avoid the Scramble: Reflections on CVE-2020-5902

If you were one of the many folks this weekend trying to figure out if you had a F5 BIP, if so how many, if the administration interface was exposed to the internet, if you knew where the logs were going and if you had enough visibility to know if it was being actively exploited you got pulled into a scramble and frankly…  You f*cke up a long time ago.

Read More »

Sideloading Software In A Running Docker Container

At Randori, one way our automated attack platform operates is by bridging docker containers into remote network environments. The actual operation of this system is outside the scope of this article, but in short, a series of network tunnels within network tunnels provides us with a container with network traffic fully (and only) emerging into a remote network.

Read More »

DERPCON CTF Challenge 2: Let’s Be Transparent About This

The second challenge I made for the https://derpcon.io CTF (read about the first challenge here) was a medium difficulty challenge starting at https://derp.randori.com. The idea was to utilize some modern reconnaissance techniques and hide in plain sight, similar to system configurations I have seen in the past.

Read More »
Generic selectors
Exact matches only
Search in title
Search in content