Attacking SSL VPN - Part 1: PreAuth RCE on Palo Alto GlobalProtect, with Uber as Case Study! | DEVCORE 戴夫寇爾
Tags
attack-pattern: Data Python - T1059.006 Server - T1583.004 Server - T1584.004 Vulnerabilities - T1588.006 Connection Proxy - T1090
Show in Graph
Common Information
Type Value
UUID 7706c817-041a-4487-b9f2-626fd5176936
Fingerprint be3015d549024e8d
Analysis status DONE
Considered CTI value 0
Text language
Published July 17, 2019, midnight
Added to db Aug. 31, 2024, 1:35 a.m.
Last updated Nov. 17, 2024, 12:57 p.m.
Headline BLOG
Title Attacking SSL VPN - Part 1: PreAuth RCE on Palo Alto GlobalProtect, with Uber as Case Study! | DEVCORE 戴夫寇爾
Detected Hints/Tags/Attributes 46/1/10
Source URLs
Redirection Url
Details Source https://devco.re/blog/2019/07/17/attacking-ssl-vpn-part-1-PreAuth-RCE-on-Palo-Alto-GlobalProtect-with-Uber-as-case-study/
URL Provider
Details Provider Source level domain
Details devco.re devco.re
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 102 DEVCORE 戴夫寇爾 https://devco.re/rss 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details CVE 5 
cve-2017-15944
Details Domain 98 
requests.post
Details Domain 9 
orange.tw
Details Domain 9 
bc.pl
Details Domain 1 
vpn.awscorp.uberinternal.com
Details File 4 
login.css
Details File 1 
logo_pan_158.gif
Details File 5 
hacked.txt
Details File 9 
bc.pl
Details Url 1 
https://sslvpn/global-protect/portal/css/login.css