November 2020 archive

Parallels RAS Username Enumeration Flaw (CVE-2017-9447 Strikes Again?)

Earlier in the year I was assessing a network that contained a Parallels Remote Application Server (RAS). Parallels RAS is a remote working solution that provides access to virtual desktops and applications. It can run on both Windows and Linux and is typically seen on the standard HTTPS port. The platform has previously been affected …

Continue reading

SSLurry – A Nessus SSL Issues Parser

SSLurry – A quick and dirty .nessus file parser to extract hosts/services affected by SSL related issues. I’ve been testing on a large number of heavily populated internal subnets recently. Accurately reporting SSL protocol/cipher and certificate related issues can be time consuming in such scenarios, time that can be utilised more effectively identifying issues not …

Continue reading