The FF4J v1.8.7 web administration console did not protect against YAML deserialisation vulnerabilities in the configuration import function. An attacker with access to the administration interface could remotely execute arbitrary Java code.
We go beyond just using automated tools, instead using the skills and techniques that real adversaries use.
We help you prepare and respond to cyber security incidents.
We're focused on offensive security, including dedicated research days to continually develop our skills.
All engagements follow our comprehensive technical methodologies and quality assurance process.
Our specialist offensive testing services include an extensive range of penetration testing capabilities at the application, network, and physical level.
Complementing our penetration testing, we also perform network architecture and application review services, helping your business achieve best-practice design and secure-by-default approaches to your infrastructure.
For when things go wrong, our experienced and qualified team will help with getting you back on track.
The AWS bastion host (https://github.com/aws-quickstart/quickstart-linux-bastion) is intended to provide command logging for all users. These command logs are both stored on the bastion host itself and forwarded to CloudWatch. The command auditing implementation allowed a user to bypass the logging, execute an interactive shell and issue commands that were not captured by the AWS bastion's logging mechanisms.
Authentication design for websites is tricky business, and we’re finding more and more websites are falling behind the times. Let’s talk user login design and how to get decent security without stamping all over your user experience. It’ll be fun, I promise!
+64 4 889 4756
info at pulsesecurity.co.nz