Persistent Systems Radia Client Automation (RCA) Remote Command Execution Vulnerability- CVE-2015-1497

Abstract: While analyzing exploits for ThreatPROTECT, I came across a Metasploit module for Persistent Systems Radia Client Automation (RCA)- CVE-2015-1497. This module has been tested on HP Client Automation 9.00 over Windows 2003 SP2 and CentOS 5. Radia Client Automation software is PC and mobile device lifecycle management tool for automating routine client-management tasks such … Continue reading “Persistent Systems Radia Client Automation (RCA) Remote Command Execution Vulnerability- CVE-2015-1497”

Zero Day Exploit Analysis for VX Search Enterprise

VX Search is an automated, rule-based file search solution allowing users to search files by various attributes. Recently, a remotely exploitable zero day was released for VX Search and the PoC is published on exploit-db. The exploit targets a vulnerability in VX Search Enterprise and attackers can execute code with SYSTEM privilege remotely. In this … Continue reading “Zero Day Exploit Analysis for VX Search Enterprise”

Windows Kernel Elevation of Privilege Vulnerability (CVE 2016-3371)

Introduction The Windows registry is a hierarchical tree with nodes called keys and each key can contain subkeys or values, a logical group of keys is called a hive. By default Windows has 7 standard hives .There are many reasons to target the registry to gain persistence by modifying entries, to obtain user and system … Continue reading “Windows Kernel Elevation of Privilege Vulnerability (CVE 2016-3371)”

WordPress Neosense Theme Zero Day

WordPress is the de-facto open source content management system written in PHP with over 17,000,000 publicly (!) detected installations. Want to make money with your programming skills and WordPress? Easy peasy! Simply develop a theme or a plugin, include other open source products and start making money. It is that easy if you have decent … Continue reading “WordPress Neosense Theme Zero Day”

Microsoft Silverlight Vulnerability CVE-2016-3367 Analysis

On Tuesday, Microsoft released a security update for Silverlight (MS16-109). Silverlight vulnerabilities are always one of the attacker’s favorite targets because most of them allow remote code execution. In this blog, I will explain what the vulnerability is about and the exploit indicators. Patch Diff and Root Cause: Patch diff is a very common way … Continue reading “Microsoft Silverlight Vulnerability CVE-2016-3367 Analysis”

Internet Explorer Information Disclosure Vulnerability (CVE-2016-3321)

Internet explorer can reveal the existence of a file based on how it handles file URIs like file://…, by default IE implements Local Machine Zone Lockdown (LMZL) to prevent access to file URIs  and alerts the user via error dialogue box irrespective of the existence of the file. Furthermore, IE restricts execution of scripts based on … Continue reading “Internet Explorer Information Disclosure Vulnerability (CVE-2016-3321)”

TOPSEC Firewall Exploit (ELIGIBLE CONTESTANT)

Abstract: Few days ago, an unknown threat actor, that goes by the name “The Shadow Brokers” leaked some highly sophisticated exploits. It is alleged that the exploits leaked by “The Shadow Brokers” belong to Equation Group – an elite cyber-attack group associated with the NSA. These leaked exploits work against many routers/firewalls from prominent vendors … Continue reading “TOPSEC Firewall Exploit (ELIGIBLE CONTESTANT)”

FortiGate Shadow Brokers Exploit – CVE-2016-6909

Abstract: You may have heard that recently a group known as “Shadow Brokers” released what are said to be a bunch of exploits and tools written and used by the NSA. The dump contains a set of exploits, implants and tools for hacking firewalls (“Firewall Operations”). One of the tools from the Shadow Brokers leak … Continue reading “FortiGate Shadow Brokers Exploit – CVE-2016-6909”

Cisco ASA Shadow Brokers Exploit – CVE-2016-6366

Cisco recently released an advisory for Cisco ASA (Adaptive Security Appliance) SNMP Remote Code Execution Vulnerability. (cisco-sa-20160817-asa-snmp) The vulnerability allows the attacker to obtain full control of the system when crafted SNMP packets are sent to the affected system using SNMP community string. All supported versions of SNMP (v1, v2c, and 3) are affected by … Continue reading “Cisco ASA Shadow Brokers Exploit – CVE-2016-6366”

Sundown Exploit Kit: A New Player In The Exploit Kit World

Abstract: The underground cyber world of exploit kits (EK) is always evolving with addition of new exploits and delivery of new payloads. The EK industry is a huge market and since the disappearing of Angler EK, it appears everyone wants to grab a share of this lucrative market. There is a new player in this … Continue reading “Sundown Exploit Kit: A New Player In The Exploit Kit World”