Posts by Caitlin Condon

2 min Emergent Threat Response

Microsoft SAM File Readability CVE-2021-36934: What You Need to Know

CVE-2021-36934 is a local privilege escalation vulnerability that allows non-administrative users to read the Security Account Manager (SAM) files on Windows 10 and 11 systems.

2 min Emergent Threat Response

CVE-2021-21985: What you need to know about the latest critical vCenter Server vulnerability

On Tuesday, May 25, 2021, VMware published security advisory VMSA-2021-0010 [], which includes details on CVE-2021-21985, a critical remote code execution vulnerability in the vSphere Client (HTML5) component of vCenter Server (6.5, 6.7, and 7.0) and VMware Cloud Foundation (3.x and 4.x). The vulnerability arises from lack of input validation in the Virtual SAN Health Check plug-in, which is enabled by default in vCenter Server. Succe

3 min News

Active Exploitation of Pulse Connect Secure Zero-Day (CVE-2021-22893)

On Tuesday, FireEye published detailed analysis of multiple threat campaigns targeting Ivanti’s Pulse Connect Secure VPN.

5 min News

Attackers Targeting Fortinet Devices and SAP Applications

CISA and the FBI published a joint alert to warn users that APT threat actors were likely exploiting unpatched Fortinet FortiOS devices to gain initial access to government, commercial, technology, and other organizations’ networks.

2 min Research

Introducing the 2020 Vulnerability Intelligence Report: 50 CVEs that Made Headlines in 2020

Our 2020 Vulnerability Intelligence Report examines 50 vulnerabilities from 2020 to highlight exploitation patterns, explore attacker use cases, and offer a practical framework for understanding new threats.

4 min News

Mass Exploitation of Exchange Server Zero-Day CVEs: What You Need to Know

On March 2, Microsoft released details on an active state-sponsored threat campaign exploiting four zero-day vulnerabilities in on-premises instances of Microsoft Exchange Server.

2 min Vulnerability Management

CVE-2020-1472 "Zerologon" Critical Privilege Escalation: What You Need To Know

CVE-2020-1472 is a critical privilege escalation vulnerability that can yield an attacker full takeover of an affected network. Here's what you need to know.

3 min Vulnerability Risk Management

Meet AttackerKB

Meet AttackerKB: a new community-driven resource that highlights diverse perspectives on which vulnerabilities make the most appealing targets for attackers.

2 min Metasploit

Congrats to the winners of the 2020 Metasploit community CTF

After four days of competition and a whole lot of “trying harder,” we have the winners of this year's Metasploit community CTF [/2020/01/15/announcing-the-2020-metasploit-community-ctf/]. We've included some high-level stats from the game below; check out the scoreboard here []. If you played the CTF and want to let the Metasploit team know which challenges you found exhilarating, interesting, or infuriating (in a good way, of course), we have a feedback surve

2 min Metasploit

Metasploit Team Announces Beta Sign-Up for AttackerKB

AttackerKB is a knowledge base of vulnerabilities and informed opinions on what makes them valuable (or not) targets for exploitation.

5 min Metasploit

Announcing the 2020 Metasploit community CTF

Metasploit's community CTF is back! Starting January 30, players will have four days to find flags and win points and glory. Teams welcome.

9 min Haxmas

Memorable Metasploit Moments of 2019

Here’s a smattering of the year’s Metasploit Framework highlights from 2019. As ever, we’re grateful to and for the community that keeps us going strong.

2 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

Unauthenticated scanner for BlueKeep, community hackathon in Austin, and the usual long list of fixes and enhancements.

2 min Metasploit

Introducing the Metasploit Development Diaries

In our new Metasploit Development Diaries series, we will share stories of how exploitable conditions become stable, seasoned Metasploit Framework modules.

7 min Haxmas

The New Shiny: Memorable Metasploit Moments of 2018

Happy HaXmas, friends. Metasploit turned 15 this year, and by all accounts, 2018 was pretty epic.