Vulnerability Analysis

When critical vulnerabilities emerge, we break them down with technical depth — what happened, how it was exploited, and what you should do about it.

3 articles

Log4j Apache Log4j

Security Guidance for the Apache Log4j vulnerability (CVE-2021–44228)

Security guidance on the critical Apache Log4j JNDI injection vulnerability (CVE-2021-44228), covering how the exploit works, affected versions, and steps to detect and remediate it.

Appsecco · December 14, 2021 · 6 min

mimikatz Pentesting

Zerologon (CVE-2020–1472) detection, patching and monitoring

A technical overview of Zerologon (CVE-2020-1472), the CVSS 10 Windows Netlogon flaw that gives unauthenticated attackers domain admin — with detection, exploitation, patching, and monitoring guidance.

Appsecco · September 23, 2020 · 4 min

Lastpass Password Management

Security Analysis of LastPass credential leak — By bypassing do_popupregister()

A technical analysis of the LastPass browser extension credential leak discovered by Google Project Zero: how the do_popupregister() bypass works and what it exposes.

Appsecco · September 18, 2019 · 4 min

Want to know how we test for these issues in your product?

Get a Security Assessment