
2333 matches found

myhack58
added 2018/04/24 12:0 a.m. | 69 views

Router vulnerability reproduction and analysis, part two: CNVD-2018-01084 - vulnerability warning - the black bar safety net

Vulnerability information: D-Link DIR 615/645/815 routers with firmware version 1.03 and earlier contain a remote command execution vulnerability. The vulnerability is caused by service.cgi concatenating HTTP POST request data, which results in backend command concatenation, leading to...

1.6 AI score
Exploits: 0

FireEye
added 2018/04/23 3:0 p.m. | 38 views

Loading Kernel Shellcode

In the wake of recent hacking tool dumps, the FLARE team saw a spike in malware samples detonating kernel shellcode. Although most samples can be analyzed statically, the FLARE team sometimes debugs these samples to confirm specific functionality. Debugging can be an efficient way to get around...

7.6 AI score
Exploits: 0 | References: 11

RedHat Linux
added 2018/04/23 12:36 p.m. | 0 views

chromium-browser: Insufficient protection of remote debugging protocol in DevTools

A lack of host validation in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page, if the user is running a remote DevTools debugging server...

7.5 CVSS | 7.8 AI score | 0.02033 EPSS
Exploits: 0 | References: 5

CNVD
added 2018/04/19 12:0 a.m. | 2 views

Google Android has an unspecified vulnerability (CNVD-2018-09753)

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance (OHA), and the Qualcomm SD 845 and SD 850 are central processing unit (CPU) products from Qualcomm. A security vulnerability exists in the Qualcomm closed-source component in Android, whic...

7.5 CVSS | 6.9 AI score | 0.00216 EPSS
Exploits: 0 | References: 1

Exploit DB
added 2018/04/16 12:0 a.m. | 40 views

Microsoft Edge - 'OpenProcess()' ACG Bypass

Each Edge Content process MicrosoftEdgeCP.exe needs to call SetProcessMitigationPolicy on itself to enable ACG. The callstack when this happens is: 00 KERNELBASE!SetProcessMitigationPolicy 01 MicrosoftEdgeCP!SetProcessDynamicCodePolicy+0xc0 02 MicrosoftEdgeCP!StartContentProcessExe+0x164 03...

7.4 AI score
Exploits: 0

Prion
added 2018/04/11 3:29 p.m. | 9 views

Code injection

In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile SD 845, SD 850, on a secure device, PD dumps are collected when debugging is not enabled...

5 CVSS | 8 AI score | 0.00216 EPSS
Exploits: 0 | References: 2

Microsoft Secure
added 2018/04/04 3:0 p.m. | 146 views

Hunting down Dofoil with Windows Defender ATP

Dofoil is a sophisticated threat that attempted to install coin miner malware on hundreds of thousands of computers in March, 2018. In previous blog posts we detailed how behavior monitoring and machine learning in Windows Defender AV protected customers from a massive Dofoil outbreak that we...

7.4 AI score
Exploits: 0

Malwarebytes
added 2018/03/27 3:0 p.m. | 61 views

Encryption 101: Decryptor’s thought process

In the previous parts 1, 2 and 3 of this series, we covered the basics of encryption, walked through a live example of a ransomware in detail, and talked about encryption weaknesses. In this part of the encryption 101 series, we will begin wrapping it up by going into detail on a ransomware with...

6.7 AI score
Exploits: 0

Prion
added 2018/03/26 2:29 p.m. | 12 views

Design/Logic Flaw

Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a vulnerability where code debugging methods are enabled, which could allow an attacker to remotely execute arbitrary code during runtime...

6.8 CVSS | 8.7 AI score | 0.01542 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2018/03/26 2:29 p.m. | 2 views

CVE-2018-5454

Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a vulnerability where code debugging methods are enabled, which could allow an attacker to remotely execute arbitrary code during runtime...

8.1 CVSS | 6 AI score | 0.01542 EPSS
Exploits: 0 | References: 3

CVE
added 2018/03/26 2:0 p.m. | 37 views

CVE-2018-5454

CVE-2018-5454 affects Philips IntelliSpace Portal (all 8.0.x and 7.0.x). Vulnerability: leftover code debugging methods enabled, enabling remote arbitrary code execution at runtime. Root cause: enabled debugging/debug code in ISP components. Exploitation status varies across sources; some document...

8.1 CVSS | 8.2 AI score | 0.01542 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Information Security Automation
added 2018/03/14 5:19 p.m. | 47 views

Dealing with Nessus logs

Debugging Nessus scans is a very interesting topic. And it is not very well described even in the Tenable University course. It becomes especially interesting when you see strange network errors in the scan results. Let's see how we can troubleshoot Nessus scans without sending Nessus DB files to...

6.9 AI score
Exploits: 0

CNVD
added 2018/03/05 12:0 a.m. | 1 views

Denial of service vulnerability in GNU binutils 'display_debug_ranges' function

GNU Binutils a.k.a. GNU Binary Utilities or binutils is a set of programming language utility programs developed by the GNU Project to work with target files in a variety of formats, with connectors, assemblers, and other tools for target files and archives. A denial of service vulnerability exis...

7.8 CVSS | 9.3 AI score | 0.00254 EPSS
Exploits: 0

CNVD
added 2018/03/01 12:0 a.m. | 1 views

GNU Binutils Binary File Descriptor Library Denial of Service Vulnerability (CNVD-2018-05202)

GNU Binutils a.k.a. GNU Binary Utilities or binutils is a set of programming language utilities developed by the GNU Project to work with object files in a variety of formats, with connectors, assemblers, and other tools for object files and archives. The Binary File Descriptor (BFD) library a.k.a...

5.5 CVSS | 9.4 AI score | 0.00172 EPSS
Exploits: 1 | References: 1

CNVD
added 2018/02/28 12:0 a.m. | 1 views

Philips Intellispace Portal Arbitrary Code Execution Vulnerability

The Philips Intellispace Portal processes clinical images from different modalities and enables advanced visualization of images. ISP systems are deployed in the healthcare and public health sectors. An arbitrary code execution vulnerability exists in Philips Intellispace Portal, which can be...

8.1 CVSS | 8.2 AI score | 0.01542 EPSS
Exploits: 0 | References: 1

NVD
added 2018/02/26 10:29 p.m. | 10 views

CVE-2017-11634

An issue was discovered on Wireless IP Camera 360 devices. Remote attackers can discover a weakly encoded admin password by connecting to TCP port 9527 and reading the password field of the debugging information, e.g., nTBCS19C corresponds to a password of 123456...

10 CVSS | 9.6 AI score | 0.02464 EPSS
Exploits: 1 | References: 1

n0where
added 2018/02/24 4:17 p.m. | 199 views

Free and Open Source Interactive HTTPS Proxy: mitmproxy

mitmproxy is your swiss-army knife for debugging, testing, privacy measurements, and penetration testing. It can be used to intercept, inspect, modify and replay web traffic such as HTTP/1, HTTP/2, WebSockets, or any other SSL/TLS-protected protocols. You can prettify and decode a variety of...

Exploits: 0 | References: 2

seebug.org
added 2018/02/24 12:0 a.m. | 83 views

IE11: Use-after-free in String.localeCompare

There is a use-after-free vulnerability in Internet Explorer that could potentially be used for memory disclosure. This was tested on IE11 running on Windows 7 64-bit with the latest patches applied. PoC: var vars = new Array2; function main vars0 = new Array1000000; vars1 =...

7.2 AI score
Exploits: 0

Information Security Automation
added 2018/02/21 10:16 a.m. | 191 views

Tenable University: Nessus Certificate of Proficiency

Yesterday I finished the "Nessus Certificate of Proficiency" learning plan at Tenable University and passed the final test. Here I would like to share my impressions. First of all, a few words about my motivation. I use Nessus literally every day at work. So, it was fun to check my knowledge. I already...

6.9 AI score
Exploits: 0

UbuntuCve
added 2018/02/07 11:29 p.m. | 26 views

CVE-2017-15393

Insufficient Policy Enforcement in Devtools remote debugging in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to obtain access to remote debugging functionality via a crafted HTML page, aka a Referer leak...

8.8 CVSS | 7.2 AI score | 0.01265 EPSS
Exploits: 0 | References: 2