Adversary Emulation w/ Carlos Perez - PSW #789
Security Weekly Podcast Network (Audio)
00:00
The Impact of Local Checks on Nessus
The Nessus agent was going to do more of what I would call, I forget what Tenable's termed for. It was more checking configurations. One of those local checks executed command, in this case, this plugin executes the Java command. And it turns out there was a flaw in the way that command is being executed. If an attacker replaced the Java binary with a binary they're choosing, that binary would get executed and essentially allow it to elevate privileges.
Play episode from 01:12:04
Transcript
