The Human Connection Blog
New CTI Labs: Palo Alto Expedition Critical Vulnerabilities
KevBreen
Immerser
8 months ago
Today, we have released two brand new CTI labs which cover the new critical vulnerabilities recently disclosed affecting Palo Alto's Expedition software.
CVE-2024-5910 (Palo Alto Expedition) - Defensive
Identify signs of exploitation in event logs and extract indicators of compromise
CVE-2024-5910 (Palo Alto Expedition) - Offensive
Use publicly available Proof of Concept code to exploit the vulnerabilities, gaining access to sensitive data
What is Expedition and why should you care?
The flaws were found in Palo Alto Networks' Expedition solution, which helps migrate configurations from Checkpoint, Cisco, or other supported vendors. The application can be exploited to access sensitive data, such as user credentials, that can help take over firewall admin accounts, significantly impacting the security of an organisation's network. These labs provide steps to identify any potential signs of exploitation and detail how the exploit functions.
Who is it for?
- Incident responders
- SOC Analysts
- CTI Analysts
- Threat Hunters
- Red Teams
- Pen testers
- Offensive Security professionals
Complete CVE-2024-5910 (Palo Alto Expedition) - Defensive here
Complete CVE-2024-5910 (Palo Alto Expedition) - Offensive here
Updated 8 months ago
Version 1.0
Kev Breen currently serves as Senior Director of Cyber Threat Research at Immersive, where he helps organizations assess, build, and prove their Cyber Workforce Resilience. He is a renowned expert on new and emerging threats.
Prior to his time at Immersive, Breen spent 15 years in the military with the Royal Signals, starting as a radio technician repairing radio electronics and communications, before moving on to digital networks, specialising as a malware analyst protecting UK MOD networks against cyber attacks.
With over two decades of experience in IT and cybersecurity, Breen has learned the tradecraft for defensive, offensive, and deceptive cyber operations.
Breen has conducted extensive open-source research, including creating and releasing toolkits for network defenders, mainly for malware analysis and decryption, as well as writing the YARA rules, which are still recommended by VirusTotal.
Breen’s open-source research gets a lot of attention, not only from the cybersecurity community, but also from the threat actors themselves.