CoreLabs Articles

Read articles from CoreLabs, the research division of Core Security. CoreLabs prides itself on taking a holistic view of information security with a focus on developing solutions to complex, real-world security problems that affect our customers.


May 17, 2015
Windows has been around a long time. After years of evolving from one version to another, it is rare to find vulnerabilities that allow remote code execution from Windows XP to Windows 8.1 (32 and 64-bit)...
Mar 24, 2015
At the beginning of March we published a blog post analyzing CVE-2015-0311, a Use-After-Free vulnerability in Adobe Flash Player, and we outlined how to exploit it on Windows 7 SP1 machines...
Mar 3, 2015
At the end of January, Adobe published the security bulletin APSA15-01 for Flash Player, which fixes a critical use-after-free vulnerability affecting Adobe Flash Player and earlier versions. This vulnerability, identified as CVE-2015-0311, allows attackers to execute arbitrary code...
Dec 8, 2014
A few weeks ago a critical vulnerability (MS14-068) affecting Windows environments was published by Microsoft (credited to Tom Maddock and team). Specifically, the vulnerability affects Kerberos. [The vulnerability will] allow an attacker to elevate unprivileged domain user account privileges to those of the domain administrator account.
Dec 15, 2010
Oftentimes after using Network Information Gathering, we are still left with a number of devices that may reflect an "Unknown" OS. With the saturation of these devices in the market today, there is a good chance there may be some located on your network. By identifying these devices we can also potentially expand our attack surface and gain other useful information. So, where do we start? We may as well create a new search folder so that only the machines that reflect "unknown" under the OS column can be viewed.
Aug 10, 2009
Alfredo Ortega and Anibal Sacco presented their findings in Absolute Software’s Computrace “persistent agent” as part of their ongoing research on BIOS rootkits at Black Hat USA 2009. Before I dig into some technicalities of the findings of Alfredo and Anibal, let me dispel any doubts about the disclosure process that we followed. The vendor was made aware of the report and upcoming presentation several weeks prior to Black Hat by at least three separate sources.
Dec 27, 2006
In our last installment, I gave you a final hunk of code with several function calls and decided to let you stew for a week before revealing what was going on under the hood. Well, you’ve stewed for a week, so let’s review.
Dec 20, 2006
Last week, we discussed exactly what we’ll be building and got some of the boilerplate done along the way. I’m sure that you dug into the modules that I strongly hinted that you take a look at for inspiration. To review, this module will need to:
Dec 13, 2006
In this installment, we’ll start diving into the anatomy of an Impact module where you'll get the opportunity to absorb some of the features and implications before we dive into building something real and useful. In the course of conducting penetration tests, we often come across password hashes of various types. We can sometimes use these without cracking them, but, it is often useful and necessary to crack those hashes. Why? You may ask.