1/13/25, 7:55 AM
Coldfusion
1/13/25, 7:55 AM
Coldfusion
1/13/25, 7:55 AM
Coldfusion
An Initial Analysis of Adobe ColdFusion CVE-2024-53961
A ColdFusion security patch released two days before Christmas? I have a feeling that may have resulted in many sysadmins shouting "Fiddlesticks!" (or perhaps another f-word) earlier today.
12/23/24, 10:53 PM
Coldfusion
An Initial Analysis of Adobe ColdFusion CVE-2024-53961
A ColdFusion security patch released two days before Christmas? I have a feeling that may have resulted in many sysadmins shouting "Fiddlesticks!" (or perhaps another f-word) earlier today.
12/23/24, 10:53 PM
Coldfusion
An Initial Analysis of Adobe ColdFusion CVE-2024-53961
A ColdFusion security patch released two days before Christmas? I have a feeling that may have resulted in many sysadmins shouting "Fiddlesticks!" (or perhaps another f-word) earlier today.
12/23/24, 10:53 PM
Coldfusion
BSidesLV 2024 Slides - Modern ColdFusion Exploitation and Attack Surface Reduction
Thank you to BSidesLV for the opportunity to speak this year. The slides from my talk, Modern ColdFusion Exploitation and Attack Surface Reduction, are now online below. They're pretty similar to my Summercon slides, with a few updates.
8/8/24, 11:33 AM
Coldfusion
BSidesLV 2024 Slides - Modern ColdFusion Exploitation and Attack Surface Reduction
Thank you to BSidesLV for the opportunity to speak this year. The slides from my talk, Modern ColdFusion Exploitation and Attack Surface Reduction, are now online below. They're pretty similar to my Summercon slides, with a few updates.
8/8/24, 11:33 AM
Coldfusion
BSidesLV 2024 Slides - Modern ColdFusion Exploitation and Attack Surface Reduction
Thank you to BSidesLV for the opportunity to speak this year. The slides from my talk, Modern ColdFusion Exploitation and Attack Surface Reduction, are now online below. They're pretty similar to my Summercon slides, with a few updates.
8/8/24, 11:33 AM
Coldfusion
On ColdFusion Administrator Access Control Bypass Techniques
IntroductionAccess Control is frequently boring but important.
7/24/24, 3:15 PM
Coldfusion
On ColdFusion Administrator Access Control Bypass Techniques
IntroductionAccess Control is frequently boring but important.
7/24/24, 3:15 PM
Coldfusion
On ColdFusion Administrator Access Control Bypass Techniques
IntroductionAccess Control is frequently boring but important.
7/24/24, 3:15 PM
Coldfusion
Summercon 2024 Slides - Modern ColdFusion Exploitation and Attack Surface Reduction
Last Friday it was an absolute honor to talk about ColdFusion security at Summercon.
7/22/24, 5:59 PM
Coldfusion
Summercon 2024 Slides - Modern ColdFusion Exploitation and Attack Surface Reduction
Last Friday it was an absolute honor to talk about ColdFusion security at Summercon.
7/22/24, 5:59 PM
Coldfusion
Summercon 2024 Slides - Modern ColdFusion Exploitation and Attack Surface Reduction
Last Friday it was an absolute honor to talk about ColdFusion security at Summercon.
7/22/24, 5:59 PM
Coldfusion
Bypassing Imperva SecureSphere WAF (CVE-2023-50969)
Background Imperva SecureSphere Web Application Firewall (WAF) is an on-premise security solution to inspect, monitor and block traffic to web applications.
3/27/24, 5:00 AM
Coldfusion
Bypassing Imperva SecureSphere WAF (CVE-2023-50969)
Background Imperva SecureSphere Web Application Firewall (WAF) is an on-premise security solution to inspect, monitor and block traffic to web applications.
3/27/24, 5:00 AM
Coldfusion
Bypassing Imperva SecureSphere WAF (CVE-2023-50969)
Background Imperva SecureSphere Web Application Firewall (WAF) is an on-premise security solution to inspect, monitor and block traffic to web applications.
3/27/24, 5:00 AM
Coldfusion
Defending Against CVE-2024-20767 (ColdFusion Arbitrary File System Read)
Technical details for CVE-2024-20767 (ColdFusion Arbitrary File System Read) from APSB24-14 have now been publicly disclosed by the researcher who reported it to Adobe PSIRT: https://jeva.
3/25/24, 10:45 AM
Coldfusion
Defending Against CVE-2024-20767 (ColdFusion Arbitrary File System Read)
Technical details for CVE-2024-20767 (ColdFusion Arbitrary File System Read) from APSB24-14 have now been publicly disclosed by the researcher who reported it to Adobe PSIRT: https://jeva.
3/25/24, 10:45 AM
Coldfusion
Defending Against CVE-2024-20767 (ColdFusion Arbitrary File System Read)
Technical details for CVE-2024-20767 (ColdFusion Arbitrary File System Read) from APSB24-14 have now been publicly disclosed by the researcher who reported it to Adobe PSIRT: https://jeva.
3/25/24, 10:45 AM
Coldfusion
If You're Running an Intranet Connections Lucee Instance, Ensure That You've Change the Default Lucee Admin Password
Last week, researchers at Sprocket Security wrote about post-exploitation in Lucee via malicious extensions.
3/21/24, 10:50 AM
Coldfusion
If You're Running an Intranet Connections Lucee Instance, Ensure That You've Change the Default Lucee Admin Password
Last week, researchers at Sprocket Security wrote about post-exploitation in Lucee via malicious extensions.
3/21/24, 10:50 AM
Coldfusion
If You're Running an Intranet Connections Lucee Instance, Ensure That You've Change the Default Lucee Admin Password
Last week, researchers at Sprocket Security wrote about post-exploitation in Lucee via malicious extensions.
3/21/24, 10:50 AM
Coldfusion
One Reason Why Your ColdFusion Server May Still Be Vulnerable Even With the Latest Security Updates Installed
Next Tuesday is Adobe Patch Tuesday.
3/5/24, 12:03 AM
Coldfusion
One Reason Why Your ColdFusion Server May Still Be Vulnerable Even With the Latest Security Updates Installed
Next Tuesday is Adobe Patch Tuesday.
3/5/24, 12:03 AM
Coldfusion