Latest from CoreLabs

  • Home
  • Latest from CoreLabs

Read blog posts from CoreLabs, the research division of Core Security. CoreLabs prides itself on taking a holistic view of information security with a focus on developing solutions to complex, real-world security problems that affect our customers.

04

Mar

Exploiting CVE-2015-0311: A Use-After-Free in Adobe Flash Player

At the end of January, Adobe published the security bulletin APSA15-01 for Flash Player, which fixes a critical use-after-free vulnerability affecting Adobe Flash Player 16.0.0.287 and earlier versions. This vulnerability, identified as CVE-2015-0311, allows attackers to execute arbitrary code on vulnerable machines by enticing…

Read More

27

Feb

Analysis of Windows USB Descriptor Vulnerability - MS13-081 (CVE-2013-3200)

Occasionally we receive requests to develop Core Impact modules for specific vulnerabilities. Here, I'd like to dive into what that process looked like for CVE-2013-3200, Windows USB vulnerability included in MS13-081 bulletin a.k.a. Windows USB Descriptor Vulnerability. The vulnerability allows physically proximate attackers…

Read More

16

Jan

Core Impact Pro Knows Arduino-Based Attacks

A great penetration tester always remembers to take physical security into account. With that in mind, we've added an interesting new feature to Core Impact Pro. The module, called “install Agent using Teensy board,” allows Core Impact Pro users to deliver a physical…

Read More

09

Dec

Early Release Exploit for MS14-068 Vulnerability (Affecting Kerberos)

A few weeks ago a critical vulnerability (MS14-068) affecting Windows environments was published by Microsoft (credited to Tom Maddock and team). Specifically, the vulnerability affects Kerberos: [The vulnerability will] allow an attacker to elevate unprivileged domain user account privileges to those of the domain…

Read More

12

Nov

Using Core Impact Pro Payloads with Third Party Frameworks

We've released an update to Core Impact Pro that adds a small (but interesting) new feature to one of our most popular modules. Users now have the ability to generate agent payloads that can be customized to specific targets by third party frameworks.…

Read More

25

Sep

Bash Bug, Shellshock, CVE-2014-6271…

We can’t agree on a name, but we can agree it’s a big deal. What is this thing?Many are saying this vulnerability could be bigger than Heartbleed. From my perspective, Heartbleed was a bit more troubling due to the affected component and the massive…

Read More

24

Sep

For Skype and other affected applications: A workaround for "Embarcadero VCL Library Heap Overflow"

I've been thinking about the problems that occur when a new vulnerability appears, and how vendors and users react in these situations. In cases where a vulnerability is found in a specific program, the vendor is responsible for finding a fix and distributing the patched…

Read More

20

Aug

Our Latest Vulnerability Advisory: Delphi and C++ Builder VCL library Buffer Overflow

We've released a new vulnerability advisory. For those who aren’t familiar with Core Security’s advisories, this research is conducted by CoreLabs in an effort to expose security gaps before adversaries find them. Upon discovering a vulnerability, we work with the affected organization and…

Read More

25

Mar

MS14-006: "Microsoft Windows TCP IPv6 Denial of Service Vulnerability"

Hi everyone, I would like to make some comments about the Microsoft MS14-006 update. In the last February Patch Tuesday, Microsoft released a fix for the TCP Windows driver (tcpip.sys). According to the patch bulletin "https://technet.microsoft.com/en-us/security/bulletin/ms14-006" only Windows 8 and Windows 2012 were…

Read More

23

Jan

Introducing Sentinel, a 32-bit Anti-Exploit Tool From CoreLabs

In this blogpost I would like to introduce you to Sentinel, an anti-exploit tool, and share two demos with you. Sentinel is a 32-bit anti-exploit tool that I have been developing for some time which I presented in "Ekoparty" security conference at the end…

Read More