Privasec RED


What happens during a Red Team Attack Simulation?

Red Team Attack Simulations mimic an adversary attacking your organisation. Red Team Attack Simulations enable you to understand and improve upon your ability to identify and respond to an adversary tyring to access your systems or information.

But what actually happens during a Red Team and how does an Attack Simulation work in practise?

CVE-2020-3977: VMware Horizon DaaS Broken Authentication (MFA Bypass)

Not long ago, I assisted a client of ours with a penetration test of their VMware Horizon remote access solution and discovered a vulnerability affecting how it handles Multi-Factor Authentication (MFA). As a result, with a compromised user account password, I could gain access to the organisations internal network from the internet, bypassing the MFA requirement. In this blog, I’ll provide a high-level summary and explain how I identified and exploited the vulnerability.

Scroll to Top