Latest from CoreLabs

Read blog posts from CoreLabs, the research division of Core Security. CoreLabs prides itself on taking a holistic view of information security with a focus on developing solutions to complex, real-world security problems that affect our customers.

Windows has been around a long time. After years of evolving from one version to another, it is rare to find vulnerabilities that allow remote code execution from Windows XP to Windows 8.1 (32 and 64-bit) without any user interaction. In this blog…


Introduction: In February, just a few days after CVE-2015-0311 was found being exploited in the wild, a new Adobe Flash Player vulnerability popped up. Trend Micro and SpiderLabs have already published their analysis of the bug, but I thought it would be worth providing my…


At the beginning of March we published a blog post analyzing CVE-2015-0311, a Use-After-Free vulnerability in Adobe Flash Player, and we outlined how to exploit it on Windows 7 SP1 machines. As we mentioned at the end of that article, the exploitation process…


It’s not unusual to find firewall devices during a security assessment, which can make life harder for penetration testers. Modern firewall devices (Next Generation Firewalls, aka NGFWs) are a far cry from simple traffic control systems. An NGFW is an integrated network platform…


On January 27, 2015, Qualys publicly released a security advisory for a vulnerability in glibc’s gethostbyname set of functions, also known as GHOST, which exposes a heap-based buffer overflow affecting a wide range of operating systems and applications using glibc between versions 2.2 and 2.18. CVE-2015-0235…


At the end of January, Adobe published the security bulletin APSA15-01 for Flash Player, which fixes a critical use-after-free vulnerability affecting Adobe Flash Player 16.0.0.287 and earlier versions. This vulnerability, identified as CVE-2015-0311, allows attackers to execute arbitrary code on vulnerable machines by enticing…


Occasionally we receive requests to develop Core Impact modules for specific vulnerabilities. Here, I'd like to dive into what that process looked like for CVE-2013-3200, a Windows USB vulnerability included in the MS13-081 bulletin, a.k.a. the Windows USB Descriptor Vulnerability. The vulnerability allows physically proximate attackers…


A great penetration tester always remembers to take physical security into account. With that in mind, we've added an interesting new feature to Core Impact Pro. The module, called “install Agent using Teensy board,” allows Core Impact Pro users to deliver a physical…


A few weeks ago a critical vulnerability (MS14-068) affecting Windows environments was published by Microsoft (credited to Tom Maddock and team). Specifically, the vulnerability affects Kerberos: [The vulnerability will] allow an attacker to elevate unprivileged domain user account privileges to those of the domain…


We've released an update to Core Impact Pro that adds a small (but interesting) new feature to one of our most popular modules. Users now have the ability to generate agent payloads that can be customized to specific targets by third-party frameworks.…
