
Randori Attack: Continuous Automated Red Team
Answering the critical questions of “What would happen if an attacker carried out a campaign against my organization’s infrastructure, how would our defenses cope and
Randori Recon provides a continuous view of your external perimeter to reduce the risks of shadow IT, misconfigurations, and process failures.
On December 9, 2021, the Log4Shell / Log4j vulnerability, tracked as CVE-2021-44228, was publicly revealed via the project’s GitHub. Since its release, it has been
Introduction: With the recent disclosure of a chain of vulnerabilities in Microsoft’s Exchange Server resulting in unauthenticated remote code execution, this blog details how an
A high severity vulnerability (CVE-2021-21972, CVSS V3 base score – 9.8 CRITICAL) [1] impacting multiple versions of VMware vSphere products was reported privately on Oct
Executive Summary: A high severity vulnerability (CVE-2021-3177, CVSS V3 base score – 9.8 CRITICAL) [1] impacting all versions of Python 3 was reported privately on
At Randori, we are constantly adding new capabilities to our automated attack platform. In the course of developing those capabilities for use in production, we
Our industry pays lots of attention to vulnerabilities and the need for patching. And yes, there is a need for this. But in the past
Both defenders and attackers have a keen interest in understanding the attack surface for an organization — defenders must understand what is exposed so they can prioritize what to maintain and monitor — attackers must understand what is reachable so they can decide which services are available to compromise.
At Randori, our automated attack platform emulates a realistic adversary. Real adversaries will often take advantage of targets of opportunity discovered on a network, even if those targets are not directly related to an objective.
If you were one of the many folks this weekend trying to figure out if you had an F5 BIG-IP, if so how many, if the administration interface was exposed to the internet, if you knew where the logs were going, and if you had enough visibility to know if it was being actively exploited, you got pulled into a scramble and frankly… You f*cked up a long time ago.
The Randori Attack Team has successfully developed a POC for CVE-2020-2021 and has been able to confirm the severity of the vulnerability in local test and production environments.
At Randori, one way our automated attack platform operates is by bridging docker containers into remote network environments. The actual operation of this system is outside the scope of this article, but in short, a series of network tunnels within network tunnels provides us with a container with network traffic fully (and only) emerging into a remote network.
On December 17, 2019, Citrix disclosed an unauthenticated remote code execution (RCE) vulnerability in Citrix Application Delivery Controller (ADC) and Citrix Gateway, assigned CVE-2019-19781.