On June 5, 2024, SolarWinds released an advisory regarding a path-traversal vulnerability in their “secure” file-transfer product, Serv-U. I wrote about it here back in mid-June when it was fairly recently released. So here we are, three months later - you might be wondering why we’re still talking about this! When the vulnerability was new, I put a lot of work into crafting a very realistic honeypot that not only looks like the product, it also fakes out the filesystem to make it actua...
