Assetnote
@assetnote
Followers
8,712
Following
0
Media
46
Statuses
115
Assetnote combines advanced reconnaissance and high-signal continuous security analysis to help enterprises gain insight and control of their evolving exposure.
Joined July 2017
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
D-10
• 199530 Tweets
Bills
• 113306 Tweets
#AMAs
• 104581 Tweets
Lamar
• 104258 Tweets
Ravens
• 100791 Tweets
Bengals
• 82379 Tweets
Phillies
• 77277 Tweets
Giants
• 67315 Tweets
Browns
• 66768 Tweets
Watson
• 53279 Tweets
Broncos
• 47150 Tweets
49ers
• 41904 Tweets
STRAY KIDS BOYBAND LEGACY
• 41561 Tweets
Packers
• 37002 Tweets
Nacho
• 23498 Tweets
Rams
• 20888 Tweets
Castellanos
• 18176 Tweets
Cardinals
• 17213 Tweets
Zac Taylor
• 12347 Tweets
Bo Nix
• 12191 Tweets
ジャングルポケット
• 11490 Tweets
Purdy
• 11401 Tweets
斉藤慎二
• 11109 Tweets
Jordan Love
• 10795 Tweets
斉藤メンバー
• 10783 Tweets
書類送検
• 10718 Tweets
As an attacker, what do you do when you come across an IIS server?
@infosec_au
shares his first steps when it comes to hacking IIS/.NET. There will be more videos on this topic area. Please like, share and subscribe.
8
138
383
We've just released our research, tooling and datasets on contextual content discovery, if you're interested in improving your content discovery skills, you should check it out!
2
132
363
We're releasing a new tool to help you exploit tricky SSRF vulnerabilities called surf. With this tool, you can work out which external hosts are not responding to HTTP(s) that are prime candidates for your SSRF vulnerability.
4
76
351
What do you do once you have found a blind SSRF? Check out our blind SSRF glossary which contains a number of handy attack chains: . The post also briefly touches on SSRF canaries, using existing DNS data and side channel attacks.
0
132
274
Discovering a zero day and getting code execution on Mozilla's AWS Network
5
97
241
Our security research team discovered a full-read SSRF in the Next.JS framework (CVE-2024-34351). You can read about our research here:
0
69
232
Zoom Zero Day Followup: Getting the RCE. Find our writeup and proof-of-concept in our blog:
4
73
219
Our security research team discovered multiple critical vulnerabilities in Websphere Portal. You can read about these issues in our advisory and research blog post:
Please follow the remediation section if you run this software.
4
73
194
Our security research team discovered a full-read SSRF vulnerability in Jamf Pro. We have published an advisory on this issue here: and you can read about the discovery process here:
0
74
189
Our security research team discovered a pre-auth RCE vulnerability in Progress WS_FTP (CVE-2023-40044). Due to the exploit being released on Twitter, we've also published -
Blog:
Advisory:
0
39
156
In May 2024, our security research team disclosed three critical issues in ServiceNow, which allowed for unauthenticated arbitrary code execution and data access for ServiceNow Vancouver or Washington instances. You can read our blog post here:
1
42
159
Given the recent high profile breaches of file transfer software, our security research team focused on Citrix ShareFile and discovered a critical pre-authentication RCE vulnerability. This has been assigned CVE-2023-24489.
Our blog post can be found here:
3
35
148
Early this morning, we alerted our customers to a new Ivanti SSRF vulnerability that our research team discovered when reverse engineering Ivanti’s latest patch.
We decided to hold off on releasing this blog post publicly and support our customers in their remediation.
Since
1
47
152
Last week, our security research team reverse-engineered a critical CVSS 9.8 vulnerability in Magento (CVE-2024-34102), which allows for pre-authentication XML Entity Injection. Originally discovered by Sergey Temnikov (spacewasp). Read our notes here:
2
36
133
Watch our third episode of Bug Bounty Redacted to learn about hacking APIs and finding XSS, SQLi, WAF Bypass in a regional web application.
#bugbountytips
#bugbounty
0
32
131
Our security research team took a deeper look into FortiGate. In this post we detail the steps we took to identify the patched vulnerability and produce a working exploit.
Read the research here:
2
37
134
If you're looking to fine-tune your detections for the authentication bypass for Ivanti Pulse Connect Secure (CVE-2023-46805), the best way is to send a POST request to /api/v1/totp/user-backup-code/../../system/platform?operation=testConnectivity
If the response has
1
24
129
Are you interested in testing the security of a GraphQL API? Check out our latest blog post on Exploiting GraphQL:
1
51
121
We've released a new blog post with the full details from
@seanyeoh
and
@devec0
's
#NahamCon2022
talk on hacking CI systems. Join us on an epic 3-part adventure through
@Cloudflare
's Pages system - from command injection to container escape to compromise:
0
39
106
Our security research team were the original reporters of the Metabase Pre-Auth RCE vulnerability (CVE-2023-38646).
You can read our blog post here:
And our advisory here:
3
37
107
Our security research team, in collaboration with
@Jhaddix
and
@bscarvell
discovered a critical pre-auth RCE vulnerability in Oracle Opera - CVE-2023-21932. You can read more about our discovery here:
0
32
101
Do you work for an organization that uses AWS? You may be vulnerable to dangling elastic IP subdomain takeover attacks. We've released a new open source tool called Ghostbuster to address this. Details about this release can be found in our blog post:
0
30
93
Our security research team discovered and reported a high risk SSRF vulnerability in Jira Core and Datacenter to Atlassian. You can read about the issue here:
#bugbountytips
0
23
92
Our security research team discovered critical vulnerabilities in
@ProgressSW
's WhatsUp Gold. We chained a number of vulnerabilities to reach critical severity. You can read our writeup here:
1
22
88
Last year we discovered some critical vulnerabilities in VMWare Workspace One UEM (CVE-2021-22054). You can read about our security teams research here:
0
27
84
Our security research team discovered a reflected cross-site scripting vulnerability in cPanel. There were over 1.2M assets affected before the vulnerability was fixed. You can read more about it in our blog:
1
16
85
Our security research team has performed an analysis on CVE-2023-3519 (Citrix RCE) and we've published our findings on our blog, with an accurate detection mechanism:
We'll continue to update this blog as new information is surfaced or further analysis
2
24
80
Our team spent the last week researching accurate detections for CVE-2023-46805 & CVE-2024-21887 in Ivanti Pulse Connect Secure. We have identified an additional endpoint for the authentication bypass on older versions. You can read our research here:
0
15
80
Tomorrow, we will release a technique that we use to determine the rest of the file or folder name on IIS servers. If you want to get acquainted with BigQuery before tomorrow, check out
0
9
77
We've released the second episode of "Bug Bounty Redacted" on our YouTube channel.
This episode covers third party subdomain takeovers and exposed administration interfaces.
New episodes monthly!
#bugbountytips
#bugbounty
1
15
75
We're stoked to sponsor
#NahamCon2024
this year. Our CTO,
@infosec_au
, will present Modern WAF Bypass Techniques on Large Attack Surfaces. We're looking forward to the conference!
0
4
75
Our security research team has published Part 2 of our Citrix Pre Auth RCE analysis (CVE-2023-3519). You can read our research on our blog:
2
19
70
Our security research team discovered a pre-auth XSS in Citrix Gateway (CVE-2023-24488). This affected over 50k instances on the internet.
You can read about our discovery here:
2
4
68
Our security research team discovered a critical pre-authentication RCE vulnerability in IBM Aspera Faspex CVE-2022-47986. You can read the research on our blog:
1
22
68
We discovered a pre-auth RCE vulnerability in dotCMS. You can read more about the discovery here:
Blog:
Advisory:
1
14
67
Our security research team discovered a critical RCE vulnerability in Avaya Device Services. You can read the research on our blog:
0
14
64
Our security research team discovered an SSRF vulnerability in VMWare Workspace One Access. You can read about the issue on our blog.
If you're running this software on your attack surface, please remediate the issue by updating Workspace One Access.
1
17
66
Our security researcher
@TheGrandPew
discovered a pre authentication remote command execution vulnerability in Bitbucket Server. You can read his writeup on our blog here:
1
11
66
Have you ever needed a wordlist for content discovery or subdomain enumeration? Try our wordlists located at . These are generated automatically on a monthly basis using datasets on BigQuery. We also include some manually generated wordlists.
3
16
62
The Citrix Sage Continues! In late 2023, our research team identified and reported two Citrix vulnerabilities involving Storefront and Session Recording. We worked with the Citrix team to coordinate this disclosure.
1
27
63
Our security research team recently reproduced CVE-2023-4966 (Citrixbleed) in Citrix Netscaler Gateway marked as CVSS 9.4. You can read how we protected our customers from this emerging threat and the proof-of-concept at our blog:
0
21
61
Our security researchers identified a critical vulnerability inside Flarum (popular forum software) which allows attackers to read local files from the system. You can read about it on our blog here: and our advisory here:
1
14
55
Our security researcher, Dylan Pindur, discovered several critical vulnerabilities in Sitecore 9.3. Some can be exploited without authentication. You can read our blog post on this here:
0
13
57
Our security research team found vulnerabilities in static site generators (such as GatsbyJS and NextJS) and associated platforms (Netlify and GatsbyJS Cloud). You can read about our findings on our blog here:
0
15
53
The security research team at Assetnote has successfully reproduced the recent Progress MOVEit Transfer SQLi->RCE attack vector CVE-2023-34362 -
0
5
52
We've started a new video series "Bug Bounty Redacted" which goes through the discovery and reporting process for real bugs.
Our first episode is out now:
We'll be releasing new episodes on a Monthly schedule!
#bugbountytips
#bugbounty
0
13
51
Watch our fifth episode of Bug Bounty Redacted to learn about second order subdomain takeovers and logic based DoS attacks.
#bugbountytips
#bugbounty
0
13
51
Our security research team recently discovered a pre-authentication RCE vulnerability in Sitecore's Experience Platform. You can read about the discovery and remediation advice for this vulnerability at our blog:
1
11
50
Watch our fourth episode of Bug Bounty Redacted to learn about how we overwrote a JS file via S3 PUT requests and insecure JWT implementations.
#bugbountytips
#bugbounty
0
7
46
Last month, our security research team discovered a logic flaw in Dynamicweb that leads to RCE. The vulnerability was present in the codebase since 2018! You can read about our discovery here - CVE-2022-25369.
0
5
41
Adding to transparency in the bug bounty scene, we've published
@infosec_au
's efforts in bug bounties for the last four years. There's a lot to learn, check it out at
0
13
39
We spent some time analysing CVE-2022-22972 to understand the root cause of the issue. This was a fun authentication bypass vulnerability in VMWare Workspace One Access.
0
3
35
Our security research team discovered a number of critical vulnerabilities in Yellow Fin BI. You can read about the research on our blog, here:
0
8
36
Assetnote is pleased to announce we have developed a check in our Exposure Monitoring Engine to help our Continuous Security customers detect where they are vulnerable to log4j. If you need help with this please get in touch with us.
0
5
34
Check out this research on H2C Smuggling by
@seanyeoh
. It was possible to exploit multiple cloud providers through this, in the blog we detail the effects of H2C smuggling on Cloudflare and Azure:
0
13
34
Read our writeup for the MOVEit Transfer SQL injection to RCE CVE-2023-34362:
We hope that our research helps with offensive and defensive security efforts.
0
6
33
Watch our CEO
@mgianarakis
and Engineering Lead
@seanyeoh
present on hacking Zoom on macOS at HITB GSEC in Singapore.
0
3
29
In the last post of the series, our security research team describes the steps it took to discover the root cause of the Citrix ADC / Netscaler RCE (CVE-2023-3519). If you're interested in reproducing our work, you can read through our blog post here:
0
8
30
Assetnote is happy to be sponsoring Nahamcon 2021! There's a brilliant lineup of talks, so be sure to catch it on Sunday March 14th 9AM PST.
#NahamCon2021
0
4
27
For those attending
@defcon
come check out
@mgianarakis
and
@infosec_au
at the
@ReconVillage
dropping Commonspeak2 and talking about evolutionary wordlists.
0
6
26
We discovered some high risk issues in Solarwinds Web Help Desk - CVE-2021-35232. You can read about the issues on our blog.
If you're running this software on your attack surface, please remediate the issue by updating Solarwinds Web Help Desk.
0
4
25
We've released a new blog post containing detailed information about the WatchGuard RCE (CVE-2022-26318). Inside the blog post you will find a more reliable PoC for the issue and the reverse engineering process.
0
11
24
Stop by the Assetnote booth @
#AusCERT2021
to see our Continuous Security Platform in action!
Reach out if you want to schedule a demo with us so we can show you how quickly we map your attack surface and find security exposures!
@AusCERT
@AustCyber
0
6
23
Catch our CEO
@mgianarakis
on
@riskybusiness
talking about how Assetnote can be used to help monitor the security of your external attack surface.
0
3
21
Catch the talk by
@infosec_au
and
@mgianarakis
on evolutionary wordlists and Commonspeak2 at 6pm at the
@defcon
@ReconVillage
0
4
19
It’s been great watching and participating in the race to CVE-2019-19781. All of our customers have been covered by this check for the last few days.
#cve201919781
#citrix
0
3
18
1 hour until the
#BugBounty
meetup we are hosting w/
@jerh17
at
#35c3
! ⚡️
@infosec_au
and
@nnwakelam
will be doing a talk about bug bounties!
19:30 - Messehaus Hall M2
1
0
6
1
4
15
Our security researcher
@hash_kitten
is talking at Ruxmon in Melbourne on the 26th of July about how he approached his security research on ServiceNow:
0
2
18
We received some feedback from
@frycos
about the AttackerKB vector being a valuable check as well, sometimes finding additional vulnerable hosts. This could be because the API being traversed to does not exist on some versions. The AttackerKB variant is:
0
0
14
This is definitely a serious one we are seeing it pop up all over the place, please make sure to implement the mitigation’s as soon as you can -
#CVE201919781
#citrix
0
4
14
We're proud to sponsor and support
#NahamCon2023
. Be sure to tune in on Saturday, June 17 2023.
0
0
13
Our team discovered a pre-authentication full read SSRF in VMWare Workspace One UEM (AirWatch). If you’re a customer of Assetnote, we have been scanning for this issue for months. The advisory was released recently, please patch.
0
1
9
Be sure to check out
@mgianarakis
at
@BSidesLV
on Wednesday the 8th to learn about iOS runtime hacking techniques.
0
1
8
Watch our CEO
@mgianarakis
talk to
@AustCyber
about Assetnote, what attack surface management is, where the idea came from, and what's planned for the future in this video:
0
4
5
If you are in Singapore for Hack In The Box GSEC and want to chat about our Continuous Security product hit up
@mgianarakis
our CEO for a chat.
0
0
5
If you are heading to
#hackersummercamp
and want to find out more about Assetnote get in touch with
@mgianarakis
or
@infosec_au
and we can organise a chat at Black Hat or DEF CON.
1
0
3
Hear about Assetnote's co-founders journey on this podcast. Includes discussions about breaking into information security at a young age and how Assetnote was founded.
Episode 23 of
#HackingintoSecurity
is out. It was great fun catching up with Shubs,
@infosec_au
. We discuss his fascinating journey into the into
#infosec
industry. Available on
@Spotify
and
@iTunes
podcasts. Links to follow
1
4
25
0
0
2
@vulnerablecode
@20backslash
We had to move from Git LFS which has bandwidth limits on GitHub to Amazon S3. All the wordlists are still downloadable through the website.
0
0
1
@jleyden
@DailySwig
We've found dangling zone takeovers for a lot of large companies, especially when they are using Route53. These takeovers can often be escalated when it comes to severity, similar to what we did in the blog post. Also possible to register SSL certs and receive mail.
1
0
1