Adrian Tiron
Adrian Tiron is the Co-Founder and Principal Pentester/Red Teamer at FORTBRIDGE, bringing over 20 years of hands-on experience in cybersecurity. Throughout his career, Adrian has worked with top-tier companies across the UK, US, and Europe, helping them identify and remediate complex security issues across web applications, APIs, cloud environments, and internal networks. His expertise spans offensive security, red teaming, and adversary emulation. As an active security researcher and blog author, Adrian has discovered and responsibly disclosed multiple critical vulnerabilities in both open-source projects and commercial platforms. His research has been featured at multiple BSides conferences, and most recently at BlueHat IL, organized by Microsoft in Israel. Adrian is known for delivering highly technical, practical content drawn from real-world assessments, and is passionate about pushing the boundaries of modern application security.
Session
Vesta is a lightweight, web-based control panel that simplifies Linux server management, appealing to users seeking an intuitive alternative to traditional platforms like cPanel and Plesk. This presentation will examine a critical flaw in Vesta: an admin takeover exploit resulting from reduced seed entropy in the Bash $RANDOM variable. By transforming what was once a theoretical attack into a practical one, we successfully reduced the brute-force domain of the seed by over 98%. This allows attackers to generate predictable random values, compromising the security of passwords and tokens. We will discuss the implications of this vulnerability and highlight best practices for enhancing server security in real-world applications.