Executive brief on how PCI DSS 4.0 affects offensive security practices, penetration testing, and segmentation testing. Watch Now

Breaking Down Q2's Critical CVEs: From Discovery to Exploitation

Watch the third episode of our What the Vuln technical series as we share the most intriguing vulnerabilities that we encountered in Q2 2023 and how we hacked them.

}

Register to Watch Video

By submitting this form, you indicate that you have read and agree to the terms of our Privacy Policy.

Mastering Modern Vulnerability Research & Exploitation

Step into the world of offensive security as we dissect Q2's most impactful vulnerabilities and reveal cutting-edge exploitation techniques. This third episode of our "What the Vuln" series delivers practical insights into real-world attack scenarios and defense strategies. Ongoing testing and experimentation in offensive security are critical catalysts for detecting unknown vulnerabilities that empower us to beat attackers at their own game. Likewise, building upon security research detailing known CVE’s adds deeper layers of analysis demonstrating how hackers exploit specific vulnerabilities in the wild if left unpatched on the attack surface.

Technical Deep Dives:

  • Microsoft OS vulnerabilities enabling privilege escalation (CVE-2023-21541)
  • Fortinet FortiOS exploitation techniques (CVE-2022-42475)
  • Advanced research methodologies for vulnerability discovery
  • Practical demonstration of attack paths and exploitation chains

Key Highlights:

  • Detailed analysis of unquoted search path vulnerabilities in Microsoft environments
  • Step-by-step breakdown of FortiGate appliance exploitation
  • Real-world impact assessment and mitigation strategies
  • Cutting-edge offensive security techniques and methodologies

Perfect For:

  • Security Researchers
  • Penetration Testers
  • Security Engineers
  • System Administrators
  • Vulnerability Management Teams

Why Watch: Get ahead of threat actors by understanding how these vulnerabilities can be exploited in the wild. Our technical deep-dive provides the knowledge needed to better protect your systems and improve your security posture.

Stay One Step Ahead: Learn how attackers think and operate while gaining practical knowledge to enhance your defensive strategies.


Ben Lincoln Headshot Managing Senior Security Consultant Bishop Fox

About the speaker, Ben Lincoln

Managing Principal

Ben Lincoln is a Managing Principal at Bishop Fox and focuses on application security. He has extensive experience in network penetration testing, red team activities, white-/black-box web/native application penetration testing, and exploit development. Prior to joining Bishop Fox, Ben was a security consultant with NCC Group, a global information assurance consulting organization. He also previously worked at a major retail corporation as a senior security engineer and a senior systems engineer. Ben delivered presentations at major security conferences, including "A Black Path Toward the Sun" at Black Hat USA 2016. Ben is OSCP-certified and has released several open-source exploit tools.

More by Ben

Jon Williams

About the speaker, Jon Williams

Senior Security Engineer

As a researcher for the Bishop Fox Capability Development team, Jon spends his time hunting for vulnerabilities and writing exploits for software on our customers' attack surface. Jon has written and presented research on various topics including enterprise wireless network attacks, bypassing network access controls, and reverse-engineering edge security device firmware.

More by Jon

This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.