Penetration Testing Methodology: Emulating Realistic Attacks by a Malicious Actor

The foundation of VerSprite’s penetration testing methodology is based on emulating realistic attacks by a malicious actor through the use of PASTA (Process for Attack Simulation and Threat Analysis).

alt

Thank you for filling out a form!

Now you can download your resource file.

Download

WD My Cloud Command Injection – Remote Root with WebRTC

Western Digital My Cloud Command Injection

The WD My Cloud with firmware versions 04.01.03-421 and 04.01.04-422 suffer from command injection and cross-site request forgery (“CSRF”) vulnerabilities. These and a number of other issues have been reported to Western Digital. 

WD My Cloud Injection
 

 
As of September 11, 2015 updates are in the process of being rolled out for the My Cloud, My Cloud Mirror, EX2, DL2100, and other devices. The firmware will be made available to the general public September 21st 2015.

Offensive Minded Security Exploit Development

VerSprite’s Research and Development division (a.k.a VS-Labs) is comprised of individuals who are passionate about diving into the internals of various technologies. Our clients rely on VerSprite’s unique offerings of zero-day vulnerability research and exploit development to protect their assets from various threat actors. From advanced technical security training to our research for hire B.O.S.S offering, we help organizations solve their most complex technical challenges. Learn more →

Subscribe for Our Updates

Subscribe for Our Updates

Please enter your email address and receive the latest updates.