teamares Archives | Critical Start

Exploiting Enterprise Passwords

No matter how much you think you’ve done to safeguard your data and systems against breaches, common vulnerabilities continue to wreak havoc on enterprises. At the top of the list of these vulnerabilities is weak passwords. According to a 2019 Verizon Data Breach Investigations Report (DBIR), 80% of hacking-related breaches involved compromised and weak credentials. Attackers are […]

New CRITICALSTART and AttackIQ Offering Helps Security Teams Find Potential Gaps and Prevent Hackers From Breaching Them

In conjunction with AttackIQ, CRITICALSTART TEAMARES is rolling out a new best-in-class Breach Attack as a Service (BAaaS) offering built on the AttackIQ Security Optimization Platform, which offers the easiest to deploy, best security control validation available at scale and in production. […]

Critical Vulnerabilities Discovered in MoFi Routers

Versions Tested: MOFI4500-4GXeLTE V2 Firmware 3.6.1-std, MOFI4500-4GXeLTE V2 Firmware 4.0.8-std, MOFI4500-4GXeLTE V2 Firmware 4.2.5-std
Product: http://mofinetwork.com/
CVE Numbers: CVE-2020-13856, CVE-2020-13857, CVE-2020-13858, CVE-2020-13859, CVE-2020-13860, CVE-2020-15832, CVE-2020-15833, CVE-2020-15834, CVE-2020-15835, CVE-2020-15836
Summary: Multiple critical vulnerabilities have been discovered in the MoFi4500 router, an OpenWRT-based wireless router that provides Internet access via LTE. The initial vulnerabilities were […]

Hackers Target Contact Tracing Applications

NBC News and Boston 25’s Blair Miller interviews Quentin Rhoads-Herrera of CRITICALSTART’s TEAMARES about the vulnerabilities associated with contact tracing and how hackers are targeting companies and individuals through these apps.

Video Transcript:
M. Davenport: Health officials want to know how people are contracting the Coronavirus, who they are catching it from, but one […]

Uncovering Your Security Blind Spots: Keys to Protecting your Organization from the Unknown

Many organizations are shocked to learn their systems have been breached, with attackers having exposed vulnerabilities. However, you can defend your organization against these threats by taking some proactive measures. Minimizing your security risk begins with risk management – ensuring proper asset management, implementing policies and procedures around protecting assets, and effective risk mitigation. Yet […]

Local Privilege Escalation Discovered in GlobalProtect App

Versions Tested: GlobalProtect App < 5.1.4 on Windows, GlobalProtect App < 5.0.10 on Windows
Product: https://www.paloaltonetworks.com/products/globalprotect
Security Advisories: https://security.paloaltonetworks.com/CVE-2020-2032
CVE Numbers: CVE-2020-2032
CVSS Score: 7.0
CWE: CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
NIST: N/A
OWASP: N/A
Summary: A race condition vulnerability in the Palo Alto Networks GlobalProtect app on Windows allowed a local limited Windows user to execute programs with SYSTEM […]

Securing Your Cookies: HTTPOnly Flag for Cookie Theft Defense

Missing HttpOnly flags on cookies are a common finding in web application penetration testing. There is often confusion about whether it is necessary to enable this flag. However, cookies can contain session tokens and other values that can be useful to a malicious actor and should be protected. If the cookies do not […]

Local Privilege Escalation Discovered in VMware Fusion

Versions Tested: VMware Fusion 11.5.3
Products: https://www.vmware.com/products/fusion.html, https://docs.vmware.com/en/VMware-Remote-Console/index.html, https://docs.vmware.com/en/VMware-Horizon-Client/index.html
Security Advisories: https://www.vmware.com/security/advisories/VMSA-2020-0011.html
CVE Number(s): CVE-2020-3957
CVSS Score: 7.3
CWE: CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition; CWE-424: Improper Protection of Alternate Path
NIST: N/A
OWASP: N/A
Summary: VMware Fusion, VMRC and Horizon Client contain a local privilege escalation vulnerability due to a Time-of-check Time-of-use […]

COVID-19 Contact Tracing Methods Compared: Examining Privacy & Security Implications

Discussions about contact tracing have been ongoing since February 2020, when some experts began looking ahead at how to move through the global COVID-19 pandemic.

What Is Contact Tracing?
Contact tracing essentially comprises identifying those who have been infected with COVID-19 and notifying as many people as possible who have been in close contact with […]

Tennessee Has Just 25 Percent of Recommended Contact Tracers

Tennessee has just 25 percent of the recommended number of contact tracers, leaving the state 1,500 people short for the critical disease mitigation effort. The National Association of County and City Health Officials is recommending just over 2,040 in Tennessee for its population. Nashville has just 75 contact tracers, a number that needs to be tripled to […]

Cybersecurity During a Pandemic: An Interview With CRITICALSTART

Chris Ward speaks with Quentin Rhoads-Herrera of CRITICALSTART to discuss cybersecurity in a time of a pandemic. In our current time of crisis, it’s a sad fact that there are many taking advantage of distracted governments, businesses, and individuals. With the majority of workforces in the Western world currently working from home, often on insecure […]

Virtual Draft Makes NFL Teams Potential Targets for Hackers

A hacker could provide entertainment value by disrupting the virtual NFL draft that begins Thursday. Desperation for any sports entertainment shouldn’t make us forget that these things are boring. The few moments of suspense as picks and trades are announced are drowned out by incessant chatter by talking heads and nonstop loops of player highlights. […]

Hard-Coded Administrator Password Discovered in OpsRamp Gateway

Version Tested: 3.0.0
Product: https://www.opsramp.com/
CVE Numbers: CVE-2020-11543
CVSS Score: 10.0 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: https://owasp.org/www-community/vulnerabilities/Use_of_hard-coded_password
Summary: During a recent penetration test, CRITICALSTART’s TEAMARES researchers discovered that OpsRamp Gateway has an administrative account named vadmin that allows root SSH access to the server. This account was unknown to clients […]

A researcher found zero-days in one city’s software. Then he realized the problem could be bigger.

For Quentin Rhoads-Herrera, this was not a typical security test. A big municipal government in the U.S. had just handed him the source code for software the city uses to manage contracts and track infrastructure projects. He unpacked the code, sifted through it, and found more than a dozen previously undisclosed vulnerabilities, or zero-days, that a hacker could […]

Vulnerabilities Discovered in CIPAce Enterprise Platform

Versions Tested: CIPAce Version < 6.80 Build 2016031401, CIPAce Version < 9.1 Build 2019092801
Product: https://www.cipplanner.com/Products/CIPAce/Pages/CPMPlatform.aspx
Security Advisories: N/A
CVE Numbers: CVE-2020-11586, CVE-2020-11587, CVE-2020-11588, CVE-2020-11589, CVE-2020-11590, CVE-2020-11591, CVE-2020-11592, CVE-2020-11593, CVE-2020-11594, CVE-2020-11595, CVE-2020-11596, CVE-2020-11597, CVE-2020-11598, CVE-2020-11599

CRITICALSTART’s TEAMARES researchers have released a steady cadence of advice regarding the importance of testing your systems regularly for […]

Telesploit: Open-Source Remote Vulnerability Assessment & Penetration Testing

Due to current events, your organization is more than likely experiencing disruption resulting from a rush to implement remote work policies, social distancing, and other unexpected changes to business as usual. And if you’re like many organizations, chances are you did not have remote work contingency plans in place and may be scrambling to find […]

Authentication Bypass Vulnerability Discovered in Infinias eIDC32 WebServer

Versions Tested: Web Revision: 1.107, Board: 3.001, Firmware: 2.213
Product: https://www.3xlogic.com/products/access-control/infinias-ethernet-enabled-integrated-door-controller-eidc
Security Advisories: N/A
CVE Numbers: CVE-2020-11542
CVSS Score: N/A
CWE: CWE-305: Authentication Bypass by Primary Weakness
NIST: IA-4: Identifier Management
OWASP: A2: Broken Authentication

With access to a system’s control interface, a malicious actor can unlock controls remotely, allowing them to gain physical […]

CRITICALSTART’s TEAMARES Research Is Aiding Global Fight Against COVID-19

What does a computer virus have in common with the Coronavirus (COVID-19)? Plenty, believe it or not, as technology can be used to help solve both. The TEAMARES research team has found that our hash cracker Cthulhu can be used to run computer simulations that mimic the same complex protein folding that occurs in viruses. […]

Regex Revelry

Regular Expressions (Regex) are used to identify strings that defy simple search terms, which infosec and technology professionals use for things like input validation, searching and scripting. Unfortunately, the syntax can be intimidating and the learning curve steep for beginners. Throw in a handful of different flavors and the confusion grows. While it can be […]
