Zach Hanley Profile
Zach Hanley

@hacks_zach

Followers
2K
Following
2K
Statuses
376

Vulnerability Researcher | Attack Engineer @horizon3ai

Raleigh, NC
Joined November 2017
@hacks_zach
Zach Hanley
17 hours
RT @stephenfewer: Today @rapid7 has disclosed CVE-2025-1094, a new PostgreSQL SQLi vuln we discovered while researching CVE-2024-12356 in B…
0
35
0
@hacks_zach
Zach Hanley
17 days
RT @the_emmons: The Rapid7 ETR team just published an analysis of CVE-2024-53704, a SonicWall VPN authentication bypass that was announced…
0
23
0
@hacks_zach
Zach Hanley
30 days
RT @Horizon3Attack: We disclosed a few vulns last week affecting SimpleHelp's remote support software: ♦️ CVE-2024-57726: Priv esc to admin…
0
25
0
@hacks_zach
Zach Hanley
1 month
RT @stephenfewer: We now have a @metasploit RCE exploit module in the pull queue for CVE-2024-55956 - an unauthenticated file write vulnera…
0
61
0
@hacks_zach
Zach Hanley
2 months
RT @buffaloverflow: Normalization strikes again 🎯 Delinea Secret Server Protocol Handler RCE: By @johnnyspandex
0
33
0
@hacks_zach
Zach Hanley
2 months
@stratosberry @Horizon3ai CVE-2023-34990 is likely a delayed CVE assignment for the limited file read vuln in our blog post earlier this year
0
0
4
@hacks_zach
Zach Hanley
2 months
RT @stephenfewer: We have published our @rapid7 analysis of the new Cleo vuln, now known as CVE-2024-55956. An unauthenticated file write a…
0
29
0
@hacks_zach
Zach Hanley
2 months
RT @orange_8361: Our talk at #BHEU is done! Hope you all enjoyed it. 😉 A detailed blog is on the way, but in the meantime, check out the pr…
0
228
0
@hacks_zach
Zach Hanley
2 months
RT @SinSinology: Me and My colleague Sonny 🥷🥷 Have cooked this, both read and write what where 🩸🩸
0
19
0
@hacks_zach
Zach Hanley
2 months
RT @KyleHanslovan: Gotta love 0-day. Gonna be a wild night! Cleo software CVE-2024-50623 is being actively exploited in-the-wild and fully-…
0
30
0
@hacks_zach
Zach Hanley
2 months
RT @alexjplaskett: The top skill a vulnerability researcher can have is persistence.
0
15
0
@hacks_zach
Zach Hanley
2 months
RT @stephenfewer: Today @rapid7 is disclosing the vulnerabilities from our exploit chain targeting the Lorex 2K Indoor Wi-Fi Security Camer…
0
61
0
@hacks_zach
Zach Hanley
2 months
RT @frycos: Most of you know about Telerik or DevExpress but ever heard of Syncfusion as another big global player? I found some interestin…
0
12
0
@hacks_zach
Zach Hanley
3 months
RT @stephenfewer: We now have a @metasploit exploit module in the pull queue for the PAN-OS management interface unauthenticated RCE exploi…
0
115
0
@hacks_zach
Zach Hanley
3 months
RT @watchtowrcyber: in today's 'no way, is it real?' we found out that Palo Alto's PAN-OS CVE-2024-0012 and CVE-2024-9474 were the equivale…
0
171
0
@hacks_zach
Zach Hanley
3 months
RT @CISACyber: 🛡️ We added #PaloAltoNetworks Expedition vulnerabilities, CVE-2024-9463 & CVE-2024-9465 to our Known Exploited Vulnerabiliti…
0
41
0
@hacks_zach
Zach Hanley
3 months
RT @SinSinology: 🔥 Took me a while to find this Citrix XEN Unauthenticated Remote Code Execution, Enjoy 🪲
0
29
0
@hacks_zach
Zach Hanley
3 months
RT @SinSinology: ⏳15 more hours of reversing and recovering struct members, rebuilding vtables and now we can jump even higher 🔥
0
12
0
@hacks_zach
Zach Hanley
4 months
RT @mwulftange: Finally had the chance to play my CodeDomSerializer gadget card. 😁
0
10
0
@hacks_zach
Zach Hanley
4 months
Surprisingly a valuable target for attackers given we'd never heard of it before. Lots of stored credentials and API keys for other devices.
@Horizon3Attack
Horizon3 Attack Team
4 months
Our latest post detailing compromising the #PaloAlto #Expedition. While investigating CVE-2024-5910, we discovered and reported 3 additional vulnerabilities allowing an attacker to obtain RCE and leak integration credentials across the ecosystem.
0
1
12