Windows SMBv3 Zero Day Vulnerability

Introduction: A buffer overflow vulnerability in SMBv3 was made public on Feb 1 2017 by Laurent Gaffie. The CVE ID is CVE-2017-0016. A PoC for it is also available here. The bug affects Windows Server 2012, Windows Server 2016 and Windows 10. At the moment the PoC only demonstrates a DoS attack on the target; we are not sure … Continue reading “Windows SMBv3 Zero Day Vulnerability”

WebEx Browser Extension Remote Code Execution Vulnerability

Introduction: Cisco WebEx is used to provide on-demand online meeting, web conferencing and videoconferencing applications. It has millions of users across the globe. Recently a remote code execution vulnerability was discovered by the Google Project Zero team, with ID CVE-2017-3823. The bug was reported on January 19, 2017. It allows the WebEx extension … Continue reading “WebEx Browser Extension Remote Code Execution Vulnerability”

Microsoft Edge JavaScript Information leaking Vulnerability Analysis

On November’s Microsoft Patch Tuesday, Microsoft patched multiple security vulnerabilities in the Edge browser. At the beginning of January, a security researcher published PoC code on GitHub that exploits CVE-2016-7200 and CVE-2016-7201. Not long after the PoC code appeared, these two vulnerabilities were being actively exploited by multiple exploit kits. This blog is about the analysis of the root … Continue reading “Microsoft Edge JavaScript Information leaking Vulnerability Analysis”

Sundown Exploit Kit Attacking Microsoft Edge Browser

The Sundown Exploit Kit, which first came to light in mid-2016, appears to be under aggressive development. The exploit kit is actively attacking the Edge browser from Microsoft shipped with Windows 10. Specifically, it targets CVE-2016-7200 and CVE-2016-7201, which Microsoft fixed with update MS16-129, released on Patch Tuesday in November. The vulnerability … Continue reading “Sundown Exploit Kit Attacking Microsoft Edge Browser”

Netgear DGN2200, DGND3700 and WNDR4500 Sensitive Information Disclosure Vulnerability

Introduction: Recently, IoT devices have been used to create large-scale botnets that can execute crippling distributed denial-of-service (DDoS) attacks. Many IoT devices are unsecured or weakly secured, which allows the bot to take over hundreds of thousands of devices. The IoT devices affected in the latest incidents were primarily home routers, network-enabled cameras, … Continue reading “Netgear DGN2200, DGND3700 and WNDR4500 Sensitive Information Disclosure Vulnerability”

Firefox SVG Animation Remote Code Execution CVE-2016-9079

Introduction: A zero-day exploit against Tor Browser and Firefox has been observed in the wild. The exploit is triggered when a target visits a compromised web page or a web page hosted by an attacker. The vulnerability has been assigned CVE-2016-9079 (Bugzilla ID 1321066). The exploit targets a use-after-free vulnerability … Continue reading “Firefox SVG Animation Remote Code Execution CVE-2016-9079”

Remote Code Execution Attack Against Eircom D1000 Router

Last month more than 900,000 routers belonging to Deutsche Telekom users in Germany were under attack due to a remote code execution flaw. The TR-064 protocol is abused in this new attack. Port 7547 is used by a remote management protocol known as either TR-069 or CWMP. “According to Shodan, about 41 Million devices have port 7547 open. … Continue reading “Remote Code Execution Attack Against Eircom D1000 Router”

NTPD read_mru_list() DoS Layman Analysis

Background: NTP stands for Network Time Protocol, a UDP-based protocol designed to synchronize the clocks of devices over a network with Coordinated Universal Time (UTC). Now in its fourth version, it is one of the oldest networking protocols. NTP.org implements it as a daemon (ntpd), and many vendors use this implementation in their products. In its … Continue reading “NTPD read_mru_list() DoS Layman Analysis”

Shell Code Analysis for The Active Firefox Tor Attack

On November 29, exploit code against Tor Browser was published. It is reported that Firefox and Tor Browser are under active attack through this vulnerability. This blog explains what the attackers are trying to do on their victims’ machines (the shell code) and the techniques used under the hood. Get The Shell Code Ready: Shell code is … Continue reading “Shell Code Analysis for The Active Firefox Tor Attack”

NTP CVE-2016-7434 Vulnerability Analysis

Last week, the Network Time Foundation’s NTP Project released a new version, NTP 4.2.8p9, to fix 10 security vulnerabilities. We noticed that after the new release came out, the original researcher published a PoC for exploiting CVE-2016-7434. This blog is about verifying the published exploit and a deep analysis of this vulnerability. NTP MRU … Continue reading “NTP CVE-2016-7434 Vulnerability Analysis”
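Both NTP posts above (the read_mru_list() DoS analysis and the CVE-2016-7434 write-up) concern the ntpd MRU list, which clients retrieve with a mode 6 (control) request carrying the READ_MRU opcode. The following is an added example, not code from either post or from the NTP Project: a small parser for mode 6 packets that flags MRU-list requests so they can be triaged in captured UDP/123 traffic. The header layout (leap/version/mode, R/M/E/opcode, sequence, status, association ID, offset, count) and the opcode values are taken from ntpd’s ntp_control.h; the sample packets are constructed here for the test and are not the published PoC. The parser only identifies the request class; it does not reproduce the specific trigger the posts analyze.

```python
import struct
from dataclasses import dataclass
from typing import Dict, Optional

# Mode 6 (control) header and opcode values as defined in ntpd's ntp_control.h.
NTP_MODE_CONTROL = 6
CTL_OP_READ_MRU = 10
CTL_OPCODE_NAMES = {
    1: "READSTAT", 2: "READVAR", 3: "WRITEVAR", 4: "READCLOCK",
    5: "WRITECLOCK", 6: "SETTRAP", 7: "ASYNCMSG", 8: "CONFIGURE",
    9: "SAVECONFIG", 10: "READ_MRU", 11: "READ_ORDLIST_A",
    12: "REQ_NONCE", 31: "UNSETTRAP",
}
# li_vn_mode, r_m_e_op, sequence, status, associd, offset, count (12 bytes, network order)
CTL_HEADER = struct.Struct("!BBHHHHH")


@dataclass
class ControlRequest:
    version: int
    opcode: int
    is_response: bool
    sequence: int
    count: int
    params: Dict[str, Optional[str]]


def parse_control_request(payload: bytes) -> Optional[ControlRequest]:
    """Decode an NTP UDP payload as a mode 6 packet; return None for any other NTP mode."""
    if len(payload) < CTL_HEADER.size:
        return None
    li_vn_mode, r_m_e_op, seq, _status, _assoc, _offset, count = CTL_HEADER.unpack_from(payload)
    if li_vn_mode & 0x07 != NTP_MODE_CONTROL:
        return None
    version = (li_vn_mode >> 3) & 0x07
    opcode = r_m_e_op & 0x1F           # low five bits; R/M/E flags live in the top three
    is_response = bool(r_m_e_op & 0x80)
    data = payload[CTL_HEADER.size:CTL_HEADER.size + count]
    # Control data is ASCII "key=value, key=value". A key with no "=" is kept
    # with value None, so malformed parameter lists are visible to the caller.
    params: Dict[str, Optional[str]] = {}
    for item in data.decode("ascii", errors="replace").split(","):
        item = item.strip()
        if not item:
            continue
        key, sep, value = item.partition("=")
        params[key.strip()] = value.strip() if sep else None
    return ControlRequest(version, opcode, is_response, seq, count, params)


def is_mrulist_request(payload: bytes) -> bool:
    """True for a client-side mode 6 request whose opcode is READ_MRU."""
    req = parse_control_request(payload)
    return req is not None and not req.is_response and req.opcode == CTL_OP_READ_MRU


def build_control_request(opcode: int, data: bytes, sequence: int = 1) -> bytes:
    """Build a minimal, unauthenticated mode 6 request (constructed test input only)."""
    li_vn_mode = (2 << 3) | NTP_MODE_CONTROL   # NTP version 2, mode 6
    return CTL_HEADER.pack(li_vn_mode, opcode & 0x1F, sequence, 0, 0, 0, len(data)) + data


# Constructed samples: an ordinary READVAR query (what ntpq sends), a normal
# MRU-list request, and one whose parameter list is missing a value.
SAMPLES = {
    "readvar": build_control_request(2, b""),
    "mrulist": build_control_request(CTL_OP_READ_MRU, b"nonce=abc, frags=32"),
    "mrulist_bare": build_control_request(CTL_OP_READ_MRU, b"nonce=abc, frags"),
}


def triage(samples=SAMPLES):
    """Map each sample name to (opcode name, flagged as MRU request, parsed params)."""
    result = {}
    for name, pkt in samples.items():
        req = parse_control_request(pkt)
        opname = CTL_OPCODE_NAMES.get(req.opcode, str(req.opcode))
        result[name] = (opname, is_mrulist_request(pkt), req.params)
    return result


if __name__ == "__main__":
    for name, (opname, flagged, params) in triage().items():
        print(f"{name:13s} opcode={opname:8s} flagged={flagged} params={params}")
```

`ntpq -c mrulist` issues exactly this request class legitimately, so in a detection rule the flag should be combined with a source allow-list of monitoring hosts; on ntpd itself, `restrict ... noquery` refuses mode 6 queries from untrusted sources regardless of opcode.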