Β In this blog post, we will analyze the UAF vulnerability in the Linux mctp component and possible exploitation scenarios in detail. We will show the necessary steps to prepare...
The post Exploit with VS- Labs. CVE-2023-3439: Analyzing UAF Vulnerability in Linux MCTPΒ appeared first on VerSprite.
Intro VerSprite VS-Labs Research team discovered an interesting integer arithmetic bug within the Windows Kernel Ancillary Function Driver (AFD.sys) while performing N-day analysis after Microsoft Patch Tuesday. Within this blog...
The post AFD.sys β Primitives in The Pocket | Integer Shenanigans appeared first on VerSprite.
In this blog, we dive into and show how attackers could combine the 0day CVE-2020-0986 with the 0day in IE browser to achieve privilege escalation and then execute code remotely. Now, Maddie Stone, a security researcher on Google's Project Zero team, found that an attacker can still trigger CVE-2020-0986 and elevate kernel privileges by sending an offset instead of a pointer.
The post Printer Spooler Bug Research appeared first on VerSprite.
in this blog, we show POC Windows LPE CNG.sys CVE-2020-17087: root cause + patch analysis + reduction of crashing sample to be a 1 liner
The post Windows Kernel Drive Vulnerability Research:Β Β CVE-2020-17087 appeared first on VerSprite.
The aim of this research is to uncover the vulnerabilities of the keyless smart cars as well as to hack and exploit them through the technologies like software defined radio (SDR) and devices GNURadio and HackRF.
The post Exploiting Smart Cars Using SDR appeared first on VerSprite.
This blog continues Part I of the android exploitation experiment. We build a proof-of-concept code with an Android NDK. UAF vulnerability (CVE-2019-2215)
The post Exploring Android Vulnerabilities and Binder: Part II appeared first on VerSprite.
This blog post will trigger a UAF vulnerability (CVE-2019-2215) in Binder from scratch. After preparing the necessary environment and tools, we will reach the KASAN output with the POC exploit.
The post Exploring Android Vulnerabilities and Binder: Part I appeared first on VerSprite.
This research series examined the Linux OS in detail and discussed everything from its architecture to the drivers and even the exploits. Today, we conclude the comprehensive research of Linux with an overview of its main elements.
The post Part 6: Comprehensive Research of Linux Operating System appeared first on VerSprite.
To summarize again briefly, syscall is an instruction that lowers the privilege level of the currently running application to 0 and allows the program to be performed in higher privilege using the required registers. In this section, we look at the Syscall instruction at the assembly level and try to analyze it in detail.
The post Part 5: Comprehensive Research of Linux Operating System appeared first on VerSprite.
We already know that the entire Linux operating system is written in C. And not just the operating system, but many binaries that run on it are written in C. Although there are multiple reasons for this, the main reason is that C is a very fast and powerful language.
The post Part 4: Comprehensive Research of Linux Operating System appeared first on VerSprite.
As we discussed in the previous parts, the Linux Kernel is a collection of code written entirely in C. This is important to keep in mind while we are dealing with the attack floats because the vulnerabilities found in the Linux Kernel can be found in any executable file written using the C programming language.
The post Part 3: Comprehensive Research of Linux Operating System appeared first on VerSprite.
In this section, we explore how these boundaries and privileges are shaped and even how they can change. We analyze User Mode and Kernel Mode, what the modes were developed for, and how the two are related.
The post Part 2: Comprehensive Research of Linux Operating System appeared first on VerSprite.
In the next series of articles, we conduct extensive research on Linux operating system. We do a deep dive into its architecture, strengths, vulnerabilities, and optimal ways to mitigate threats to the system
The post Comprehensive Research of Linux Operating System appeared first on VerSprite.
VerSprite's security researchers explain common security vulnerabilities found in programming languages including: Python, JavaScript, PhP, Java, C, C++, and Swift. Plus, get advice for choosing which programing language is best for your application.
The post Security Vulnerability Classes in Popular Programming Languages appeared first on VerSprite.
Google's newest OS, Fuchsia, is praised as being more secure than others already on the market. In this article and video, VerSprite dives into Google's Fuchsia OS to determine why the architecture and microkernel allow it to be more secure than Android, Apple, or Windows.
The post Google Fuchsia OS Sets a New Standard for Operating System Security appeared first on VerSprite.
VerSprite's Security Research team found a high-risk vulnerability in NETGEAR's popular gaming router. This vulnerability analysis details more on the risk level, disclosure timeline, the ZEBRA daemon vulnerability, and patch information.
The post VerSprite Finds Vulnerability in NETGEAR Nighthawk WiFi Router appeared first on VerSprite.
The MOVEit vulnerability has been all over the news cycle for months, and as new victims come forward, it will stay there. MOVEit is proving just how vulnerable and complicated...
The post 8 Weeks Later: Lessons Learned from the MOVEit Vulnerability appeared first on VerSprite.
Author: Uddip Ranjan, VerSprite Threat Intelligence Group Analyst As the threat landscape continues to evolve, attackers are becoming more evasive. Organizations must take a proactive approach to cybersecurity to identify...
The post Proactive Malware Threat-Hunting: Benefits, Techniques, and Trends appeared first on VerSprite.
Organizations face ever-increasing cyber threats in todayβs rapidly evolving digital landscape. To address this challenge, a virtual Security Operations Center (vSOC) has emerged as an affordable and effective solution for...
The post Virtual Security Solution for Your Organization β VerSprite VSOCΒ appeared first on VerSprite.
Determining the impact and probability values of threats and vulnerabilities is critical to managing risks associated with the threat model and having a strong cybersecurity program. PASTA, the risk-centric methodology,...
The post Determining Impact and Probability in Risk-Centric Threat Modeling (With PASTA)Β appeared first on VerSprite.
A robust threat modeling methodology for applications and organizations is crucial in navigating the modern and complex cybersecurity landscape. This blog post focuses on the key aspects of the threat...
The post From Complexity to Clarity: Demystifying Risk Equation in Threat Modeling appeared first on VerSprite.
How adding security throughout the SDLC using DevSecOps can prevent supply chain attacks.
The post Ransomware Recovery β 5 Action Items Missing from Your Plan appeared first on VerSprite.
The post Infographic: Black, Grey, and White Box Testing appeared first on Versprite.
Being prepared is winning half the battle with cybercriminals. By having in place this robust cyberattack readiness checklist, you will ensure your organization is ready to respond to potential threats:...
The post Cyberattack Readiness Checklist appeared first on VerSprite.
Is Your Company Ready to Make the Transition to PCI DSS 4.0? Joaquin Paredes Director of Offensive Security Practice The Payment Card Industry Data Security Standard (PCI DSS) standard, established...
The post PCI DSS 4.0: What You Need to Know and What You Need to Do appeared first on VerSprite.
How Maslowβs Hierarchy of Needs can help identify cyber threats. Daniel Stiegman Principal Intelligence Analyst βΒ Threat Intelligence GroupΒ at VerSprite Why does crime happen? Cyber security professionals can be so invested...
The post Why Bad Guys do Bad Things: appeared first on Versprite.
How adding security throughout the SDLC using DevSecOps can prevent supply chain attacks.
The post DevSecOps: Your Secret Weapon Against Supply Chain Attacks appeared first on VerSprite.
Guide to understanding the investment value of preventative mitigation measures
The post Translating Preventative Risk Mitigation to ROIΒ appeared first on VerSprite.
Login