Active Exploitation of SAP NetWeaver Systems — Our Recommendation for Local Scans

by Florian Roth | Apr 28, 2025

In recent days, major security companies such as ReliaQuest and Onapsis have disclosed the active exploitation of CVE-2025-31324, a critical vulnerability in SAP NetWeaver’s Visual Composer component. The vulnerability allows unauthenticated attackers to upload...

Scanning for Indications of MOVEit Transfer Exploitation with THOR Lite

by Florian Roth | Jun 3, 2023

On June 1st, the vendor of MOVEit Transfer, previously known as Ipswitch but now called Progress, announced the discovery of a critical security vulnerability that has been exploited. MOVEit is an enterprise software utilized by numerous organizations globally for...

Silent Scanning – Compromise Assessment with THOR Lite on a Compromised Exchange 2019 Server

by Florian Roth | Sep 1, 2021

The following video shows a compromise assessment with our free THOR Lite scanner on a Microsoft Exchange 2019 server detecting ProxyShell and ProxyToken exploitation. We've done no post-editing in this video. You can jump to all findings using the video chapters....

Blog

Active Exploitation of SAP NetWeaver Systems — Our Recommendation for Local Scans

Scanning for Indications of MOVEit Transfer Exploitation with THOR Lite

Silent Scanning – Compromise Assessment with THOR Lite on a Compromised Exchange 2019 Server