Detectify Crowdsource hacker, Alyssa Herrera, is a full-time bug bounty hacker and web application security researcher who works to protect organizations. They are one of several Crowdsource hackers to submit a working proof of concept for File Disclosure in Pulse Secure Connect (CVE-2019-11510). This guest blog post will walk through how they developed an exploitable payload for this vulnerability.

Our research began when Orange Tsai and Meh Chang published some amazing research focusing on SSL VPNs at Black Hat USA 2019, where they talked about exploiting a vulnerability in Pulse Secure Connect that gave them total access to Twitter’s infrastructure. This piqued my interest as Tsai didn’t publish a proof of concept for the exploit he found in Pulse Secure Connect (CVE-2019-11510) and, being a curious researcher, I wanted to work on reverse engineering the exploit from the clue they gave.