Jake

21 posts

Jake

@inkmoro

Principal Security Researcher @ watchTowr

United Kingdom Katılım Kasım 2021

523 Takip Edilen225 Takipçiler

Jake retweetledi

Swissky@pentest_swissky·3 Ara

Stop Putting Your Passwords Into Random Websites (Yes, Seriously, You Are The Problem) - Jake Knott (@inkmoro) labs.watchtowr.com/stop-putting-y…

English

1.8K

Jake@inkmoro·18 Eki

👀

ART

258

Jake retweetledi

watchTowr@watchtowrcyber·6 Eki

The watchTowr team has broken down the Oracle EBS unauth RCE exploit chain (tagged as CVE-2025-61882). Important to note: it is not one vulnerability, but multiple chained together. As always, we'll share more soon.

English

334

31.9K

Jake retweetledi

watchTowr@watchtowrcyber·4 Tem

Are we bleeding out? Enjoy our analysis of CitrixBleed 2, aka CVE-2025-5777 - the "new" Citrix NetScaler Memory Leak vulnerability. We've been using this mechanism to identify vulnerable systems, and hope it helps the teams that need it.. enjoy! labs.watchtowr.com/how-much-more-…

English

205

22.5K

Jake@inkmoro·7 May

This was extremely fun, any chance to collaborate with @SinSinology normally results in 🔥!

SinSinology@SinSinology

This was hella fun, together with my colleague Jake (@inkmoro) we worked on this target, chaining pre-auth XXE(s) that allowed for limited file read to leak the plain-text admin password! After that, a post-auth command injection for RCE as NT SYSTEM (^_^)

English

843

Jake retweetledi

watchTowr@watchtowrcyber·4 Şub

8 million requests, $400 later - we’re back. 🚀 We have demonstrated supply chain attacks that could have allowed us to trivially compromise critical infra. networks, including .gov, .mil, and more. This is real Attack Surface Management. labs.watchtowr.com/8-million-requ…

English

272

56.1K

Jake retweetledi

watchTowr@watchtowrcyber·27 Oca

happy Monday! We've released our analysis and Detection Artifact Generator for Fortinet's CVE-2024-55591... labs.watchtowr.com/get-fortirekt-…

English

161

14.5K

Jake retweetledi

watchTowr@watchtowrcyber·11 Ara

You knew it was coming… Cleo Harmony, VLTrader, and LexiCom - RCE via Arbitrary File Write (CVE-2024-50623) labs.watchtowr.com/cleo-cve-2024-…

English

110

12.9K

Jake retweetledi

watchTowr@watchtowrcyber·11 Ara

watchTowr Labs is back - this time, reproducing the ITW exploited Cleo vulnerabilities (CVE-2024-50623). Here’s a teaser before we drop the PoC 😀

English

189

31.1K

Jake retweetledi

watchTowr@watchtowrcyber·5 Ara

👀 we’ve watched APTs recently ravage lawful interception systems, and wanted our own capabilities… Join us on a journey today into Mitel’s MiCollab - that originally started to reproduce CVE-2024-35286, and quickly unravelled into more… labs.watchtowr.com/where-theres-s…

English

7.7K

Jake retweetledi

watchTowr@watchtowrcyber·19 Kas

in today's 'no way, is it real?' we found out that Palo Alto's PAN-OS CVE-2024-0012 and CVE-2024-9474 were the equivalents of saying 'turn off auth and give me a shell'. Enjoy! labs.watchtowr.com/pots-and-pans-…

English

168

430

101.6K

Jake retweetledi

watchTowr@watchtowrcyber·14 Kas

hop skip jump over to our latest blog post - analysing Fortinet's FortiJump CVE-2024-47575, FortiJump-Higher (we love this name😄) and beyond (PoC included) labs.watchtowr.com/hop-skip-forti…

English

168

31.1K

Jake retweetledi

watchTowr@watchtowrcyber·12 Kas

thank you Citrix for democratising Remote Desktop access Before we hop skip JUMP to Friday (stop downplaying please) labs.watchtowr.com/visionaries-at…

English

178

37.6K

Jake@inkmoro·22 Eki

@SinSinology @thezdi 🔥🔥so well deserved! huge congrats!🥳

English

123

SinSinology@SinSinology·22 Eki

🔥 Have to say, ZDI (@thezdi) and all of its members: without you folks, this wouldn't have been possible

TrendAI Zero Day Initiative@thezdi

Video highlights from Day 1 of #Pwn2Own Ireland: @SinSinology SOHO Smashup - going from the QNAP QHora-322 to the TrueNAS Mini X youtube.com/shorts/jdxNXt4…

English

7.1K

Jake retweetledi

watchTowr@watchtowrcyber·11 Eyl

In August, watchTowr Labs hijacked parts of the global .mobi TLD - and went on to discover the mayhem that we could cause. Enjoy.... labs.watchtowr.com/we-spent-20-to…

English

126

344

49.5K

Jake@inkmoro·9 Eyl

I work with some insanely talented people, have a read of the latest 🔥 👀:

watchTowr@watchtowrcyber

Happy Monday! watchTowr Labs member @SinSinology deep dives into Veeam Backup & Response CVE-2024-40711 in our latest post 🚀 labs.watchtowr.com/veeam-backup-r… We hope you enjoy it! (as always, where there's smoke - there is fire 😉 for next time..)

English

237

Jake retweetledi

watchTowr@watchtowrcyber·25 Haz

Progress just un-embargoed a very closely guarded auth bypass in MOVEit Transfer's SFTP mechanism - CVE-2024-5806. We were lucky enough to receive a tip-off :-) Enjoy our analysis, we had a lot of fun. labs.watchtowr.com/auth-bypass-in…

English

177

37.8K

Jake retweetledi

Aliz (they/them pls)@AlizTheHax0r·30 May

holy moly, replicated #CVE-2024-24919 (the checkpoint bug) and it's WAY more than the advisory states. :/

English

215

55.5K

Jake retweetledi

watchTowr@watchtowrcyber·16 Nis

Another week, another SSLVPN RCE - this time, it's CVE-2024-3400 in Palo Alto's GlobalProtect. But, we've seen no public analysis 🙁 so, allow us.. labs.watchtowr.com/palo-alto-putt…

English

243

46.1K

Jake retweetledi

watchTowr@watchtowrcyber·12 Nis

Join us on our recent journey, exploiting unauthenticated AJP smuggling vulnerabilities in IBM's QRadar - with included detection artefactor generator tools :-) Who needs XZ backdoors????? labs.watchtowr.com/ibm-qradar-whe… #attacksurfacemanagement

English

Keşfet

@SinSinology @thezdi @elonmusk @BarackObama @taylorswift13 @cristiano @BillGates @NASA