Confidential · Internal
Corezoid / Simulator Penetration Test
Engagement date: 2026-04-26 · Tester: Claude (Anthropic CVP-cleared) · Mode: Conservative (10 req/s, non-destructive)
Findings overview
| Severity | Findings |
|---|---|
| Critical | 1 |
| High | 3 |
| Medium | 5 |
| Low | 3 |
| Informational | 3 |
Top 5 actions
Complete remediation priority list in the Action Plan.
| ID | Severity | Action | ETA |
|---|---|---|---|
| CRZ-006 | critical | Take Jira offline or migrate. Jira 7.12.3 EOL — unauth RCE CVEs | 24h |
| CRZ-009 | high | Rotate 41+ leaked secrets. AWS key, admin token, DB passwords in public repos | 24h |
| CRZ-002 | high | Lock down EKS API endpoint. K8s control plane reachable from public internet | 1 week |
| CRZ-007 | high | Remove public SSH on dev host. OpenSSH 8.7 vulnerable to regreSSHion | 1 week |
| CRZ-015 | medium | Fix postMessage origin check. Widget shim bypasses origin via user-controlled appName | 1 week |
Start here
C-level / Board: Executive Summary. 10-minute read. Headline findings, business impact, top actions.
Engineering Leadership: Action Plan. P0 / P1 / P2 / P3 prioritized backlog with ETAs and owners.
Security Engineer / Auditor: Technical Report. Full methodology, all findings, reproduction, confirmed defenses.
Remediation Engineer: All Findings. Filterable list of 15 findings. Click into each for repro + fix steps.
Engagement scope at a glance
Targets: 13 in-scope hosts under *.corezoid.com and *.simulator.company, plus 10 github.com/corezoid/* repositories.
Enumerated: 75 unique subdomains across both domains. See Subdomains.
Tooling: subfinder, amass, httpx, nmap, nuclei, trufflehog, gitleaks, semgrep, checkov, openssl, curl, custom HAR replay.
Deferred (scope limits): Sandbox escape PoC, VPN/SSH auth brute-forcing, regreSSHion PoC, non-super-user authz testing, full WS protocol reverse. See Technical Report for the full deferred list.