Hello and welcome to the Wednesday, September 20th,

2000, 23 edition of the Sands and at Storms owners Stormcast.

My name is Johannes Ulrich and I'm recording from Jacksonville, Florida.

So an interesting URL worked its way up in our first scene list.

This is a list of URLs that were detected by our honeypots,

but not seen before in this particular form. What it looks like is that someone is looking for

Adobe Experience Manager. This is a content management system. It had in the past numerous vulnerabilities

that also have been exploited. Now, this is one of those big enterprise systems, and it actually

comes with, well, what it calls dispatcher, which is a load balancer and also a web application

firewall. If you read on exploitation of these Adobe

Experience Manager vulnerabilities, they usually talk somewhat about how to bypass this particular

filter. This latest URL that we have seen looks like a variation of an older vulnerability

they're trying to find here. Nothing new and super current older vulnerability they're trying to find here.

Nothing new and super current.

But they're trying to do a little bit a directory traversal style evasion, I believe.

That's sort of the point really of these scans to get past some of these filters.

If anybody's more familiar with Adobe Experience Manager,

wouldn't mind any insight into what exact vulnerability they're trying to exploit here.

And if this is something that would actually work.

Sometimes, of course, attackers are trying these things,

and the attack themselves may not necessarily have any effect.

Regardless, if you're using Adobe Experience Manager, double check that you're up to date.

...