"After exfiltrating the /data partition we turned our attention to the rest of the device. This is probably a good time to point out what base operating system Ivanti is using: CentOS 6.4; which was released in 2013 and officially end of life in 2020. You read that correctly: Pulse Secure runs an 11-year-old version of Linux which hasn’t been supported since November 2020. More on this later."
It seem popular in corporate environments to just rely on vendors and their binary blobs.. not at all surprised to see such findings.
Yes? As opposed to, what? You need to think back 15–20 years ago, people needed VPNs to remote into company networks, that's why there are so many Cisco ASA's out there, and they just keep chugging along.
Sure NOW there is zscaler and cloudflare tunnels and wireguard, but those are fairly new and companies don't want to rip out gear “that works”
It seem popular in corporate environments to just rely on vendors and their binary blobs.. not at all surprised to see such findings.