Tag
#hardening
4 posts tagged #hardening.
-
Analysis · May 20, 2026 · Colten Anderson
The unlocked side door on your Cisco VPN was the default group nobody configured
CVE-2023-20269 let attackers brute-force Cisco ASA VPN credentials and establish unauthorized sessions, both by abusing default connection profiles that ship enabled. Akira and LockBit used it for initial access. The fix is patching plus hardening the defaults you never touched.
-
Analysis · May 20, 2026 · Colten Anderson
The Linux firewall bug your users can reach because you gave them a private root
CVE-2024-1086 is an nf_tables use-after-free that hands a local user root. The reason an unprivileged user can touch the kernel's packet-filtering engine at all is unprivileged user namespaces, and turning those off defuses a whole class of these bugs at once.
-
Analysis · May 20, 2026 · Colten Anderson
The Print Spooler keeps getting exploited. The fix is usually to turn it off.
PrintNightmare wasn't one bug. The KEV catalog holds a string of Print Spooler entries, from PrintNightmare to SpoolFool to the flaw APT28 paired with GooseEgg. They share a root cause, and for most servers the durable answer isn't a patch, it's disabling a service you don't need.
-
Field Note · May 15, 2026 · Colten Anderson
Nine PowerShell checks before you trust a Windows host
A short, native-PowerShell audit a Windows admin can run on any host in about ten minutes. The bad answers are unambiguous and the fixes are cheap.