Assetnote combines advanced reconnaissance and high-signal continuous security analysis to help enterprises gain insight and control of their evolving exposure.

As an attacker, what do you do when you come across an IIS server? @infosec_au shares his first steps when it comes to hacking IIS/.NET. There will be more videos on this topic area. Please like, share and subscribe. piped.video/HrJW6Y9kHC4
8
133
375
We've just released our research, tooling and datasets on contextual content discovery, if you're interested in improving your content discovery skills, you should check it out! blog.assetnote.io/2021/04/05…
2
130
352
We're releasing a new tool to help you exploit tricky SSRF vulnerabilities called surf. With this tool, you can work out which external hosts are not responding to HTTP(s) that are prime candidates for your SSRF vulnerability. github.com/assetnote/surf
3
73
341
45,776
What do you do once you have found a blind SSRF? Check out our blind SSRF glossary which contains a number of handy attack chains: blog.assetnote.io/2021/01/13…. The post also briefly touches on SSRF canaries, using existing DNS data and side channel attacks.
127
266
Our security research team discovered a full-read SSRF in the Next.JS framework (CVE-2024-34351). You can read about our research here: assetnote.io/resources/resea…
65
225
24,438
Zoom Zero Day Followup: Getting the RCE. Find our writeup and proof-of-concept in our blog: buff.ly/30xfcrW
4
70
216
Our security research team discovered multiple critical vulnerabilities in Websphere Portal. You can read about these issues in our advisory and research blog post: blog.assetnote.io/2021/12/26… blog.assetnote.io/2021/12/25… Please follow the remediation section if you run this software.
3
68
186
Our security research team discovered a full-read SSRF vulnerability in Jamf Pro. We have published an advisory on this issue here: blog.assetnote.io/2021/11/30… and you can read about the discovery process here: blog.assetnote.io/2021/11/30…
73
181
Our security research team discovered a pre-auth RCE vulnerability in Progress WS_FTP (CVE-2023-40044). Due to the exploit being released on Twitter, we've also published - Blog: assetnote.io/resources/resea… Advisory: assetnote.io/resources/resea…
36
152
23,189
In May 2024, our security research team disclosed three critical issues in ServiceNow, which allowed for unauthenticated arbitrary code execution and data access for ServiceNow Vancouver or Washington instances. You can read our blog post here: assetnote.io/resources/resea…
1
43
160
18,679
Given the recent high profile breaches of file transfer software, our security research team focused on Citrix ShareFile and discovered a critical pre-authentication RCE vulnerability. This has been assigned CVE-2023-24489. Our blog post can be found here: blog.assetnote.io/2023/07/04… And our advisory here: blog.assetnote.io/2023/07/04…
3
31
142
21,764
Early this morning, we alerted our customers to a new Ivanti SSRF vulnerability that our research team discovered when reverse engineering Ivanti’s latest patch. We decided to hold off on releasing this blog post publicly and support our customers in their remediation. Since this finding has been publicly posted by another party, we are also releasing our research to help add some more color. assetnote.io/resources/resea…
1
45
146
23,614
Last week, our security research team reverse-engineered a critical CVSS 9.8 vulnerability in Magento (CVE-2024-34102), which allows for pre-authentication XML Entity Injection. Originally discovered by Sergey Temnikov (spacewasp). Read our notes here: assetnote.io/resources/resea…
2
35
130
31,419
Watch our third episode of Bug Bounty Redacted to learn about hacking APIs and finding XSS, SQLi, WAF Bypass in a regional web application. piped.video/watch?v=vaA6Sj7h… #bugbountytips #bugbounty
30
128
If you're looking to fine-tune your detections for the authentication bypass for Ivanti Pulse Connect Secure (CVE-2023-46805), the best way is to send a POST request to /api/v1/totp/user-backup-code/../../system/platform?operation=testConnectivity If the response has "Destination host", it is vulnerable. Detection mechanisms that infer based on a 403 response are false positive prone. Write up coming soon to add more color.
1
23
123
16,525
Are you interested in testing the security of a GraphQL API? Check out our latest blog post on Exploiting GraphQL: blog.assetnote.io/2021/08/29…
1
50
119
We've released a new blog post with the full details from @seanyeoh and @devec0's #NahamCon2022 talk on hacking CI systems. Join us on an epic 3-part adventure through @Cloudflare's Pages system - from command injection to container escape to compromise: blog.assetnote.io/2022/05/06…
38
104
Our security research team were the original reporters of the Metabase Pre-Auth RCE vulnerability (CVE-2023-38646). You can read our blog post here: blog.assetnote.io/2023/07/22… And our advisory here: blog.assetnote.io/2023/07/22…
3
36
105
16,106
Our security research team, in collaboration with @Jhaddix and @bscarvell discovered a critical pre-auth RCE vulnerability in Oracle Opera - CVE-2023-21932. You can read more about our discovery here: blog.assetnote.io/2023/04/30…
28
94
14,326
Do you work for an organization that uses AWS? You may be vulnerable to dangling elastic IP subdomain takeover attacks. We've released a new open source tool called Ghostbuster to address this. Details about this release can be found in our blog post: blog.assetnote.io/2022/02/13…
30
88
Our security research team discovered and reported a high risk SSRF vulnerability in Jira Core and Datacenter to Atlassian. You can read about the issue here: blog.assetnote.io/2022/06/26… #bugbountytips
23
88
Our security research team discovered critical vulnerabilities in @ProgressSW's WhatsUp Gold. We chained a number of vulnerabilities to reach critical severity. You can read our writeup here: blog.assetnote.io/2022/06/09…
1
21
83
Last year we discovered some critical vulnerabilities in VMWare Workspace One UEM (CVE-2021-22054). You can read about our security teams research here: blog.assetnote.io/2022/04/27…
26
85
Our security research team discovered a reflected cross-site scripting vulnerability in cPanel. There were over 1.2M assets affected before the vulnerability was fixed. You can read more about it in our blog: blog.assetnote.io/2023/04/26…
1
15
83
16,118
Our security research team has performed an analysis on CVE-2023-3519 (Citrix RCE) and we've published our findings on our blog, with an accurate detection mechanism: blog.assetnote.io/2023/07/21… We'll continue to update this blog as new information is surfaced or further analysis is done.
2
23
74
13,450
Our team spent the last week researching accurate detections for CVE-2023-46805 & CVE-2024-21887 in Ivanti Pulse Connect Secure. We have identified an additional endpoint for the authentication bypass on older versions. You can read our research here: assetnote.io/resources/resea…
13
77
7,212
Tomorrow, we will release a technique that we use to determine the rest of the file or folder name on IIS servers. If you want to get acquainted with BigQuery before tomorrow, check out piped.video/watch?v=GxkuBFUf…
9
70
We've released the second episode of "Bug Bounty Redacted" on our YouTube channel. piped.video/watch?v=kcSc5jL-… This episode covers third party subdomain takeovers and exposed administration interfaces. New episodes monthly! #bugbountytips #bugbounty
1
14
72
We're stoked to sponsor #NahamCon2024 this year. Our CTO, @infosec_au, will present Modern WAF Bypass Techniques on Large Attack Surfaces. We're looking forward to the conference!
4
75
5,386
Our security research team has published Part 2 of our Citrix Pre Auth RCE analysis (CVE-2023-3519). You can read our research on our blog: blog.assetnote.io/2023/07/24…
2
19
70
9,000
Our security research team discovered a pre-auth XSS in Citrix Gateway (CVE-2023-24488). This affected over 50k instances on the internet. You can read about our discovery here: blog.assetnote.io/2023/06/29…
2
4
64
9,026
Our security research team discovered a critical pre-authentication RCE vulnerability in IBM Aspera Faspex CVE-2022-47986. You can read the research on our blog: blog.assetnote.io/2023/02/02…
1
21
65
10,491
We discovered a pre-auth RCE vulnerability in dotCMS. You can read more about the discovery here: Blog: blog.assetnote.io/2022/05/03… Advisory: blog.assetnote.io/2022/05/03…
1
14
66
Our security research team discovered a critical RCE vulnerability in Avaya Device Services. You can read the research on our blog: blog.assetnote.io/2023/02/01…
14
62
8,353
Our security research team discovered an SSRF vulnerability in VMWare Workspace One Access. You can read about the issue on our blog. blog.assetnote.io/2022/01/17… If you're running this software on your attack surface, please remediate the issue by updating Workspace One Access.
1
17
64
Our security researcher @TheGrandPew discovered a pre authentication remote command execution vulnerability in Bitbucket Server. You can read his writeup on our blog here: blog.assetnote.io/2022/09/14…
1
11
62
Have you ever needed a wordlist for content discovery or subdomain enumeration? Try our wordlists located at wordlists.assetnote.io. These are generated automatically on a monthly basis using datasets on BigQuery. We also include some manually generated wordlists.
3
16
61
The Citrix Sage Continues! In late 2023, our research team identified and reported two Citrix vulnerabilities involving Storefront and Session Recording. We worked with the Citrix team to coordinate this disclosure. assetnote.io/resources/resea…
1
24
60
8,827
Our security research team recently reproduced CVE-2023-4966 (Citrixbleed) in Citrix Netscaler Gateway marked as CVSS 9.4. You can read how we protected our customers from this emerging threat and the proof-of-concept at our blog: assetnote.io/resources/resea…
20
60
8,697
Our security researchers identified a critical vulnerability inside Flarum (popular forum software) which allows attackers to read local files from the system. You can read about it on our blog here: blog.assetnote.io/2023/08/28… and our advisory here: blog.assetnote.io/2023/08/28…
1
14
53
11,254
Our security researcher, Dylan Pindur, discovered several critical vulnerabilities in Sitecore 9.3. Some can be exploited without authentication. You can read our blog post on this here: blog.assetnote.io/2023/05/10…
12
52
9,825
Our security research team found vulnerabilities in static site generators (such as GatsbyJS and NextJS) and associated platforms (Netlify and GatsbyJS Cloud). You can read about our findings on our blog here: blog.assetnote.io/2022/10/28…
14
46
The security research team at Assetnote has successfully reproduced the recent Progress MOVEit Transfer SQLi->RCE attack vector CVE-2023-34362 - blog.assetnote.io/2023/06/07…
5
51
6,180
We've started a new video series "Bug Bounty Redacted" which goes through the discovery and reporting process for real bugs. Our first episode is out now: piped.video/watch?v=mWNaGn8x… We'll be releasing new episodes on a Monthly schedule! #bugbountytips #bugbounty
13
51
Our security research team recently discovered a pre-authentication RCE vulnerability in Sitecore's Experience Platform. You can read about the discovery and remediation advice for this vulnerability at our blog: blog.assetnote.io/2021/11/02…
1
11
48
Check out Hacking IIS (Part 2) from @infosec_au here: piped.video/_4W0WXUatiw
1
12
40
Last month, our security research team discovered a logic flaw in Dynamicweb that leads to RCE. The vulnerability was present in the codebase since 2018! You can read about our discovery here - CVE-2022-25369. blog.assetnote.io/2022/02/20…
5
41
Adding to transparency in the bug bounty scene, we've published @infosec_au's efforts in bug bounties for the last four years. There's a lot to learn, check it out at blog.assetnote.io/2020/09/15…
13
39
We spent some time analysing CVE-2022-22972 to understand the root cause of the issue. This was a fun authentication bypass vulnerability in VMWare Workspace One Access. blog.assetnote.io/2022/05/27…
3
35
Our security research team discovered a number of critical vulnerabilities in Yellow Fin BI. You can read about the research on our blog, here: blog.assetnote.io/2023/01/24…
8
36
4,023
Assetnote is pleased to announce we have developed a check in our Exposure Monitoring Engine to help our Continuous Security customers detect where they are vulnerable to log4j. If you need help with this please get in touch with us.
5
33
Check out this research on H2C Smuggling by @seanyeoh. It was possible to exploit multiple cloud providers through this, in the blog we detail the effects of H2C smuggling on Cloudflare and Azure: blog.assetnote.io/2021/03/18…
13
32
Read our writeup for the MOVEit Transfer SQL injection to RCE CVE-2023-34362: blog.assetnote.io/2023/06/13… We hope that our research helps with offensive and defensive security efforts.
6
31
4,752
Watch our CEO @mgianarakis and Engineering Lead @seanyeoh present on hacking Zoom on macOS at HITB GSEC in Singapore. buff.ly/2PjZHmN
3
29
In the last post of the series, our security research team describes the steps it took to discover the root cause of the Citrix ADC / Netscaler RCE (CVE-2023-3519). If you're interested in reproducing our work, you can read through our blog post here: blog.assetnote.io/2023/08/09…
8
29
4,280
Assetnote is happy to be sponsoring Nahamcon 2021! There's a brilliant lineup of talks, so be sure to catch it on Sunday March 14th 9AM PST. #NahamCon2021
4
27
For those attending @defcon come check out @mgianarakis and @infosec_au at the @ReconVillage dropping Commonspeak2 and talking about evolutionary wordlists.
6
24
We discovered some high risk issues in Solarwinds Web Help Desk - CVE-2021-35232. You can read about the issues on our blog. blog.assetnote.io/2022/01/23… If you're running this software on your attack surface, please remediate the issue by updating Solarwinds Web Help Desk.
4
24
We've released a new blog post containing detailed information about the WatchGuard RCE (CVE-2022-26318). Inside the blog post you will find a more reliable PoC for the issue and the reverse engineering process. blog.assetnote.io/2022/04/13…
10
24
Stop by the Assetnote booth @ #AusCERT2021 to see our Continuous Security Platform in action! Reach out if you want to schedule a demo with us so we can show you how quickly we map your attack surface and find security exposures! @AusCERT @AustCyber
6
22
Catch our CEO @mgianarakis on @riskybusiness talking about how Assetnote can be used to help monitor the security of your external attack surface. risky.biz/snakeoilers7pt2/
2
20
Catch the talk by @infosec_au and @mgianarakis on evolutionary wordlists and Commonspeak2 at 6pm at the @defcon @ReconVillage
4
19
It’s been great watching and participating in the race to CVE-2019-19781. All of our customers have been covered by this check for the last few days. #cve201919781 #citrix
3
18
Taking over Azure DevOps Accounts with 1 Click - blog.assetnote.io/2020/06/28… by @seanyeoh
1
5
15
Come watch @infosec_au and @nnwakelam present on bug bounties at #35c3
1 hour until the #BugBounty meetup we are hosting w/ @jerh17 at #35c3! ⚡️ @infosec_au and @nnwakelam will be doing a talk about bug bounties! 19:30 - Messehaus Hall M2 35c3.c3nav.de/l/mh-hall-m2/@…
1
4
15
We received some feedback from @frycos about the AttackerKB vector being a valuable check as well, sometimes finding additional vulnerable hosts. This could be because the API being traversed to does not exist on some versions. The AttackerKB variant is: /api/v1/totp/user-backup-code/../../system/system-information
14
2,450
This is definitely a serious one we are seeing it pop up all over the place, please make sure to implement the mitigation’s as soon as you can - support.citrix.com/article/C… #CVE201919781 #citrix
4
14
We're proud to sponsor and support #NahamCon2023. Be sure to tune in on Saturday, June 17 2023.
13
1,767
Our team discovered a pre-authentication full read SSRF in VMWare Workspace One UEM (AirWatch). If you’re a customer of Assetnote, we have been scanning for this issue for months. The advisory was released recently, please patch. vmware.com/security/advisori…
1
9
Be sure to check out @mgianarakis at @BSidesLV on Wednesday the 8th to learn about iOS runtime hacking techniques.
1
8
Watch our CEO @mgianarakis talk to @AustCyber about Assetnote, what attack surface management is, where the idea came from, and what's planned for the future in this video: piped.video/watch?v=8SeqIn0w…
4
5
If you are in Singapore for Hack In The Box GSEC and want to chat about our Continuous Security product hit up @mgianarakis our CEO for a chat.
5
If you are heading to #hackersummercamp and want to find out more about Assetnote get in touch with @mgianarakis or @infosec_au and we can organise a chat at Black Hat or DEF CON.
1
3
Replying to @albinowax
Fixing, thank you!
1
538
Hear about Assetnote's co-founders journey on this podcast. Includes discussions about breaking into information security at a young age and how Assetnote was founded.
Episode 23 of #HackingintoSecurity is out. It was great fun catching up with Shubs, @infosec_au. We discuss his fascinating journey into the into #infosec industry. Available on @Spotify and @iTunes podcasts. Links to follow
2
We had to move from Git LFS which has bandwidth limits on GitHub to Amazon S3. All the wordlists are still downloadable through the website.
1
Replying to @jleyden @DailySwig
We've found dangling zone takeovers for a lot of large companies, especially when they are using Route53. These takeovers can often be escalated when it comes to severity, similar to what we did in the blog post. Also possible to register SSL certs and receive mail.
1
1