OUR LATEST RESEARCH
CVE-2022-30211: Windows L2TP VPN Memory Leak and Use after Free Vulnerability
Nettitude discovered a Memory Leak turned Use after Free (UaF) bug in the Microsoft implementation of the L2TP VPN protocol. The vulnerability affects most server and desktop versions of Windows, dating back to Windows Server [...]
Offensive Security: From OSCE to OSCE3
OSCE3 (Offensive Security Certified Expert 3) is a certification from Offensive Security which has replaced the (now retired) OSCE certification. This post explores a pentester's journey from being OSCE certified to becoming OSCE3 certified. Way [...]
CVE-2022-24004 & CVE-2022-24127: Vanderbilt REDCap – Stored Cross Site Scripting
Nettitude identified two stored Cross Site Scripting (XSS) vulnerabilities within Vanderbilt REDCap. These have been assigned CVE-2022-24004 & CVE-2022-24127. REDCap is a web application which allows the creation and management of online surveys for research [...]
CVE-2022-23270 – Windows Server VPN Remote Kernel Use After Free Vulnerability (Part 2)
Following yesterday's Microsoft VPN vulnerability, today we're presenting CVE-2022-23270, which is another windows VPN Use after Free (UaF) vulnerability that was discovered through reverse engineering and fuzzing the raspptp.sys kernel driver. This presents attackers with [...]
CVE-2022-21972: Windows Server VPN Remote Kernel Use After Free Vulnerability (Part 1)
CVE-2022-21972 is a Windows VPN Use after Free (UaF) vulnerability that was discovered through reverse engineering the raspptp.sys kernel driver. The vulnerability is a race condition issue and can be reliably triggered through sending crafted [...]