Security Research Articles
Information security is a rapidly changing, dynamic field with new attacks, breaches, technologies and vulnerabilities sprouting daily. And with such an influx of information, facts can be overlooked. Research and deeper investigation into these topics, however, can help us identify further potential threats while improving situational awareness, attack attribution and even defenses against future attacks.
In the “Research” category, we show you how SecurityTrails tools can help uncover what’s beneath the surface of controversial websites, malware, cybercrime campaigns, data breaches and bugs that make the headlines.
One of our earliest research projects here is a look into how you can track and trace websites that promote violence and other illegal activities (such as The Daily Stormer) through their DNS records. Among our later explorations, you'll find our investigations into malicious domain campaigns in the wake of Hurricane Florence, cryptojacking campaigns, the shutting down of 8chan and, of course, our Recon Safari series.

A Blast from the Past: Revisiting the IIS Tilde Vulnerability
As Internet Information Services (IIS)—the underlying server technology behind scores of Windows-based web applications worldwide—continues to gain market share over rival platforms, its security vulnerabilities have not been in short supply.

New Microsoft Exchange Vulnerabilities Discovered: CVE-2022-41082 (RCE) & CVE-2022-41040 (SSRF)
Microsoft is investigating the potential exploitation of not one, but two distinct vulnerabilities impacting the Exchange Server 2013, 2016, and 2019 family of products.

Slipping Under the Radar: CVE-2022-26501 - Veeam Unauthenticated RCE
Veeam Software, a global leader in data backup, replication, and disaster recovery solutions, recently disclosed a series of software vulnerabilities affecting the Veeam Distribution Service (VDS) of its flagship Veeam Backup Server line of products.

Action needed: Atlassian Confluence On-Premise RCE Vulnerability - CVE-2022-26134
If you are an administrator of an Atlassian Confluence On-Premise installation, please make sure to update your installation immediately. All current versions of Confluence Server & Data Center are affected.

Insights and lessons learned from the recent BIG-IP Application Delivery Services Vulnerability
Every few months, a bug will come along that puts the information security community into a flurry of activity. It hasn't been uncommon to work weekends and nights to understand new vulnerability information as it comes to light, to apply new patches (sometimes multiple times, as the situation changes), and to keep apprised of new information all the while. Throughout these past couple of years, we've had bugs as notable as Log4j, ProxyLogon and, more recently, a string of F5 vulnerabilities.

Understand Your Log4Shell Exposure with Detailed Asset Inventory
On Friday, December 10, 2021, the SecurityTrails research team started tracking a critical vulnerability in the widely used Java-based Apache library Log4j. Dubbed Log4Shell (CVE-2021-44228), this vulnerability has shaken the cybersecurity community as well as organizations across the globe.

Critical Log4j Vulnerability Threatens Major Internet Players
The SecurityTrails research team is tracking a critical RCE vulnerability in Apache Log4j which affects many major internet-facing services. Log4j is a Java logging package that's used in many popular services and utilities. With a CVSS score of 10, this vulnerability (CVE-2021-44228) impacts Apache Log4j versions 2.0-beta9 to 2.14.1 according to Apache.

Blast Radius: Mapping, Controlling, and Exploiting Dynamic Self-Registration Services
Vendors such as Datto, GeoVision, Synology and others leverage and depend on self-registered services for their products. These devices frequently leak critical data or suffer from insecure design, unintentional (or even intentional) design decisions, and application flaws. Because of insecure vendor, software and integrator practices, including poor network design and installation, they can be easily mapped, discovered and attacked by cybercriminals.

Blast Radius: Misconfigured Kubernetes
Recognized as a leader in the container market, Kubernetes is an open source microservices cluster manager used by millions of companies worldwide. Its popularity is bolstered by its considerable ability to manage container workloads, allowing numerous servers to be deployed easily and scaled appropriately as they grow.

Blast Radius: DNS Takeovers
Subdomain takeover remains a common vulnerability, and a destructive one at that. On one hand, there are types that practically don't exist anymore, such as CNAME takeovers—while there are still plenty of hanging DNS records, PoC creation is nearly impossible due to restrictions put in place by major cloud providers (mainly AWS).