Resources

Article

Making something out of Zeros: Alternative primitive for Windows Kernel Exploitation

While working on the NVIDIA DxgDdiEscape Handler exploit, it became obvious that The GDI primitives approach discussed the last couple of years would be of no help to reliably exploit this vulnerability. So we came up with another solution: We could map some specially chosen virtual addresses...

Article

The Unpatched LSASS Remote Denial of Service (MS16-137)

In November 8, 2016 Microsoft released a security update for Windows Authentication Methods (MS16-137) which included 3 CVEs: Virtual Secure Mode Information Disclosure Vulnerability CVE-2016-7220 Local Security Authority Subsystem Service Denial of Service Vulnerability CVE-2016-7237 Windows NTLM Elevation of Privilege Vulnerability CVE-2016-7238 Talking specifically about CVE-2016-7237, this‚Ä¶

Article

Getting Physical: Extreme abuse of Intel based Paging Systems - Part 3 - Windows HAL's Heap

Continuing with my Getting Physical blog posts series (CanSec2016’s presentation), in this third episode I’m going to talk about how Windows Paging is related to the HAL's heap and how it can be abused by kernel exploits. This is probably the simplest way of abusing Windows paging structures, because deep knowledge about how Intel paging works is not necessary to implement the attack.

Article

Getting Physical: Extreme abuse of Intel based Paging Systems - Part 2 - Windows

Continuing with the previous Getting Physical blog posts series (CanSec2016's presentation), this time I'm going to talk about what paging implementation has been chosen by Windows and how it works. At the same time and according to Alex Ionescu's blog post, it's interesting to see that Microsoft has...

Article

Exploiting Internet Explorer's MS15-106, Part I: VBScript Filter Type Confusion Vulnerability (CVE-2015-6055)

In October 13, 2015 Microsoft published security bulletin MS15-106, addressing multiple vulnerabilities in Internet Explorer. Zero Day Initiative published advisory ZDI-15-521 for one of those vulnerabilities affecting IE...

Article

Abusing GDI for ring0 exploit primitives

Every once in a while I get to work on something special, something that leaves me with the keys to open new doors. Introduction: Not long ago I came across a certain font related vulnerability, it was a 0day being exploited in the wild...

Article

Exploiting CVE-2015-0311, Part II: Bypassing Control Flow Guard on Windows 8.1 Update 3

At the beginning of March we published a blog post analyzing CVE-2015-0311, a Use-After-Free vulnerability in Adobe Flash Player, and we outlined how to exploit it on Windows 7 SP1 machines...

Article

MS15-083 - Microsoft Windows SMB Memory Corruption Vulnerability

On August 11, 2015 Microsoft released 14 security fixes, including an SMB Server fix. In this post I'll explain how I triggered the SMB Server bug. Microsoft Security Bulletin MS15-083: Of all the available patches...

Article

Early Release Exploit for MS14-068 Vulnerability (Affecting Kerberos)

A few weeks ago a critical vulnerability (MS14-068) affecting Windows environments was published by Microsoft (credited to Tom Maddock and team). Specifically, the vulnerability affects Kerberos. [The vulnerability will] allow an attacker to elevate unprivileged domain user account privileges to those of the domain administrator account.

Article

Exploiting CVE-2015-0311: A Use-After-Free in Adobe Flash Player

At the end of January, Adobe published the security bulletin APSA15-01 for Flash Player, which fixes a critical use-after-free vulnerability affecting Adobe Flash Player 16.0.0.287 and earlier versions. This vulnerability, identified as CVE-2015-0311, allows attackers to execute arbitrary code...

Article

Linux Flash for Newbies: How Linux Works with Flash

In the first series of this introduction to Linux and flash, we began with a basic lesson on flash memory. In part two, we can begin to tackle how Linux interacts with it. From this point forward, we’ll focus on NAND flash, with the following assumptions...

Article

Linux Flash for Newbies: Flash Memory Basics

During hardware-oriented engagements, we are sometimes faced with a hardware device's firmware image. This may happen because we downloaded a firmware upgrade image to try to understand a device with a view of finding security flaws...

Article

Bypassing CVE-2018-15442: Another Case of DLL Hijacking

As an exploit writer, one of my tasks consists of gathering common vulnerabilities and exposures (CVE) and all of the information related to them in order to design an exploit for Core Impact. As part of this process I stumbled across CVE-2018-15422: A vulnerability in the update service of Cisco WebEx Meetings Desktop App for Windows.

Video

The Truth About Viruses on Linux

Wed, 05/20/2020

There are many myths about viruses and Linux—including the belief that the system is immune. A startling increase in malware, ransomware and malicious code targeting Linux systems of all shapes and sizes means the days of believing it’s “just a Windows thing” are over. In reality, Linux is becoming a lucrative target. It’s time to take action to protect your Linux environment and surrounding...

Video

Why Endpoint Antivirus Belongs in Your Security Environment

Wed, 05/20/2020

Most organizations are vigilant about scanning their workstation PCs. Unfortunately, malware and other destructive entities can just as easily target your servers, both on-premise or in the cloud, so many environments remain unprotected. Endpoint antivirus software is used to provide virus protection to endpoints, like servers, which connect to enterprise networks. Endpoint antivirus software...

Guide

2020 Malware Report

The Challenge of Malware: Finding Long Term Solutions for a Chronic Problem No matter how much technology progresses, malware continues to be a consistent menace that never seems to grow outdated. No matter how long the fight against malware has been, there is always more to learn in order to better safeguard against attacks. Finding out what other organizations are experiencing, and how they're...

Guide

Penetration Testing Toolkit

Safeguard your infrastructure and data With today’s constantly-shifting threat landscape, most organizations know they must employ offensive security measures like penetration testing to stay a step ahead of attackers. Based on our years of experience helping organizations manage security risks across the enterprise, we’ve compiled a collection of penetration testing tools and resources to set you...

Guide

Identity and Access Toolkit

Reduce identity related risk Implementing a strong identity governance and administration (IGA) program is crucial to any enterprise organization. Data is everywhere, but so are users. To protect your organization and reduce identity-related access risks, organizations must properly manage access to systems, applications, and devices. Based on our years of experience helping organizations manage...

Guide

Making the Case for Identity Governance

Building a Business Case for Identity Governance Solutions Organizations are facing increasing demands to protect the devices and systems critical to the business and are pressured to meet ongoing regulatory compliance. It's time to invest in intelligent identity governance solutions—but you need a solid business case to justify it. Download this step-by-step guide to learn how to: Define the...

Guide

Intelligent Identity and Access Management eBook

Leverage Intelligent IAM to help keep your organization’s identities and accounts secure Identity and Access Management (IAM) systems provide the capability to create and manage user accounts, roles, and access rights for individual users in an organization. They typically incorporate user provisioning, password management, policy management, access governance, and identity repositories in an...

Making something out of Zeros: Alternative primitive for Windows Kernel Exploitation

The Unpatched LSASS Remote Denial of Service (MS16-137)

Getting Physical: Extreme abuse of Intel based Paging Systems - Part 3 - Windows HAL's Heap

Getting Physical: Extreme abuse of Intel based Paging Systems - Part 2 - Windows

Exploiting Internet Explorer's MS15-106, Part I: VBScript Filter Type Confusion Vulnerability (CVE-2015-6055)

Abusing GDI for ring0 exploit primitives

Exploiting CVE-2015-0311, Part II: Bypassing Control Flow Guard on Windows 8.1 Update 3

MS15-083 - Microsoft Windows SMB Memory Corruption Vulnerability

Early Release Exploit for MS14-068 Vulnerability (Affecting Kerberos)

Exploiting CVE-2015-0311: A Use-After-Free in Adobe Flash Player

Linux Flash for Newbies: How Linux Works with Flash

Linux Flash for Newbies: Flash Memory Basics

Bypassing CVE-2018-15442: Another Case of DLL Hijacking

The Truth About Viruses on Linux

Why Endpoint Antivirus Belongs in Your Security Environment

2020 Malware Report

Penetration Testing Toolkit

Identity and Access Toolkit

Making the Case for Identity Governance

Intelligent Identity and Access Management eBook

Privacy Policy

Cookie Policy

Terms of Service

Accessibility

Impressum