148 matches found
docPrint Pro 8.0 - SEH Buffer Overflow
docPrint Pro 8.0 - SEH Buffer Overflow import struct Title: docPrint Pro v8.0 'User/Master Password' Local SEH Alphanumeric Encoded Buffer Overflow Date: September 14th, 2019 Author: Connor McGarr @33y0re https://connormcgarr.github.io Vendor Homepage: http://www.verypdf.com Software Link:...
Microsoft DirectWrite - Invalid Read in SplicePixel While Processing OTF Fonts
Microsoft DirectWrite is a modern Windows API for high-quality text rendering. A majority of its code resides in the DWrite.dll user-mode library. It is used by a variety of widely used desktop programs such as the Chrome, Firefox and Edge browsers and constitutes an attack surface for memory...
BLUESPAWN - Windows Based Active Defense Tool To Empower Blue Teams
BLUESPAWN helps blue teams monitor Windows systems in real-time against active attackers by detecting anomalous activity Why we made BLUESPAWN We've created and open-sourced this for a number of reasons which include the following: Move Faster : We wanted tooling specifically designed to quickly...
Applepie - A Hypervisor For Fuzzing Built With WHVP And Bochs
Hello! Welcome to applepie! This is a tool designed for fuzzing, introspection, and finding bugs! This is a hypervisor using the Windows Hypervisor Platform API present in recent versions of Windows specifically this was developed and tested on Windows 10 17763. Bochs is used for providing deep...
CARBANAK Week Part Two: Continuing the CARBANAK Source Code Analysis
Update April 30: Following the release of our four-part CARBANAK Week blog series, many readers have found places to make the data shared in these posts actionable. We have updated this post to include some of this information. In the previous installment, we wrote about how string hashing was us...
RPC vulnerability mining case studies (part two) - vulnerability warning - the Black Bar Safety Net
In the previous RPC vulnerability mining case study, we showed how to use the various available tools and online resources to find potential security risks in Windows RPC servers, including the Microsoft Universal Telemetry Client vulnerability. In addition, we also demonstrated to the RPC server for the...
McAfee GetSusp VersionInfo Parsing Denial of Service Vulnerability
Summary An exploitable Denial of Service vulnerability exists in the file scanning functionality of McAfee GetSusp 3.0.0.461. A specially crafted executable can cause an infinite loop resulting in a Denial of Service. An attacker can scan this executable to trigger this vulnerability. Tested...
Frida-Wshook - Script Analysis Tool Based On Frida.re
frida-wshook is an analysis and instrumentation tool which uses frida.re to hook common functions often used by malicious script files which are run using WScript/CScript. The tool intercepts Windows API functions and doesn't implement function stubs or proxies within the targeted scripting...
This Week in Security News
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back...
Introducing pywintrace: A Python Wrapper for ETW
Introduction Event tracing for Windows ETW is a lightweight logging facility first introduced with Windows 2000. Originally intended as a software diagnostic, troubleshooting and performance monitoring tool, it was greatly expanded in Windows Vista to create a lightweight debugging mechanism. The...
Code injection
Soreco Xpert.Line 3.0 allows local users to spoof users and consequently gain privileges by intercepting a Windows API call...
CVE-2015-3442
Soreco Xpert.Line 3.0 allows local users to spoof users and consequently gain privileges by intercepting a Windows API call...
CVE-2015-3442
CVE-2015-3442 affects Xpert.Line 3.0 (Xpert.Center) from Soreco AG. The vulnerability arises from a client‑side authentication mechanism that uses the Windows API getUserNameA from advapi32.dll to authenticate the user. An attacker who can intercept this API call can impersonate other users and g...
Microsoft Windows - nt!NtQueryInformationJobObject (information class 28) Kernel Stack Memory Disclo
Exploit for windows platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1194 We have discovered that the nt!NtQueryInformationJobObject system call corresponding to the documented QueryInformationJobObject API function called with the 28 information...
Remote Symbol Resolution
Introduction The following blog discusses a couple of common techniques that malware uses to obscure its access to the Windows API. In both forms examined, analysts must calculate the API start address and resolve the symbol from the runtime process in order to determine functionality. After...
InjectProc - Process Injection Techniques
Process injection is a very popular method of hiding the malicious behavior of code and is heavily used by malware authors. Several techniques are commonly used: DLL injection, process replacement (a.k.a. process hollowing), hook injection and APC injection. Most of them use the same Windows...