What the Vuln Series: Quarterly Roundup

Watch the third episode of our What the Vuln technical series as we share the most intriguing vulnerabilities that we encountered in Q2 2023 and how we hacked them.


Ongoing testing and experimentation in offensive security are critical catalysts for detecting unknown vulnerabilities, empowering us to beat attackers at their own game. Likewise, building upon security research detailing known CVEs adds deeper layers of analysis, demonstrating how hackers exploit specific vulnerabilities in the wild if they are left unpatched on the attack surface.

In the third episode of our What the Vuln series, we share a round-up of Q2 vulnerabilities that we came up against along with the cutting-edge techniques we developed to exploit them.

Join us to hear about:

  • Discovery of unquoted search path vulnerabilities in Microsoft operating system environments, including CVE-2023-21541, enabling attackers to gain horizontal or vertical privilege escalation.
  • A deep dive into Fortinet CVE-2022-42475 highlighting new research on how to develop an exploit that targets a single FortiGate appliance running a specific version of FortiOS.

Ben Lincoln

About the speaker, Ben Lincoln

Managing Principal

Ben Lincoln is a Managing Principal at Bishop Fox and focuses on application security. He has extensive experience in network penetration testing, red team activities, white-/black-box web/native application penetration testing, and exploit development. Prior to joining Bishop Fox, Ben was a security consultant with NCC Group, a global information assurance consulting organization. He also previously worked at a major retail corporation as a senior security engineer and a senior systems engineer. Ben delivered presentations at major security conferences, including "A Black Path Toward the Sun" at Black Hat USA 2016. Ben is OSCP-certified and has released several open-source exploit tools.


Jon Williams

About the speaker, Jon Williams

Senior Security Engineer

As a researcher for the Bishop Fox Capability Development team, Jon spends his time hunting for vulnerabilities and writing exploits for software on our customers' attack surface. He previously served as an organizer for BSides Connecticut for four years and most recently completed the Corelan Advanced Windows Exploit Development course. Jon has presented talks and written articles about his security research on various subjects, including enterprise wireless network attacks, bypassing network access controls, and malware reverse engineering.
