Dirty COW – CVE-2016-5195

Introduction: A privilege escalation vulnerability in the Linux kernel has been discovered by Phil Oester. The bug has been in existence since version 2.6.22, which was released in 2007, and was fixed on Oct 18, 2016. The bug allows an unprivileged, authenticated local user to gain write access to read-only memory mappings. A number …

Zoho ManageEngine OpManager 12.0 Multiple Vulnerabilities

Abstract: While doing our daily research for ThreatPROTECT, I came across ManageEngine, Zoho Corporation’s OpManager product. It is network monitoring software that helps administrators discover, map, monitor and manage their complete IT infrastructure, thereby providing all the visibility and control you need over your network. So we decided to use it for our internal …

Persistent Systems Radia Client Automation (RCA) Remote Command Execution Vulnerability – CVE-2015-1497

Abstract: While analyzing exploits for ThreatPROTECT, I came across a Metasploit module for Persistent Systems Radia Client Automation (RCA), CVE-2015-1497. This module has been tested on HP Client Automation 9.00 over Windows 2003 SP2 and CentOS 5. Radia Client Automation software is a PC and mobile device lifecycle management tool for automating routine client-management tasks such …

Zero Day Exploit Analysis for VX Search Enterprise

VX Search is an automated, rule-based file search solution that allows users to search for files by various attributes. Recently, a remotely exploitable zero day was released for VX Search, and the PoC is published on exploit-db. The exploit targets a vulnerability in VX Search Enterprise, and attackers can execute code remotely with SYSTEM privilege. In this …

Windows Kernel Elevation of Privilege Vulnerability (CVE-2016-3371)

Introduction: The Windows registry is a hierarchical tree with nodes called keys; each key can contain subkeys or values, and a logical group of keys is called a hive. By default, Windows has 7 standard hives. There are many reasons to target the registry: to gain persistence by modifying entries, to obtain user and system …

WordPress Neosense Theme Zero Day

WordPress is the de facto open source content management system written in PHP, with over 17,000,000 publicly (!) detected installations. Want to make money with your programming skills and WordPress? Easy peasy! Simply develop a theme or a plugin, include other open source products and start making money. It is that easy if you have decent …

Microsoft Silverlight Vulnerability CVE-2016-3367 Analysis

On Tuesday, Microsoft released a security update for Silverlight (MS16-109). Silverlight vulnerabilities are always among attackers’ favorite targets because most of them allow remote code execution. In this blog, I will explain what the vulnerability is about and the exploit indicators. Patch Diff and Root Cause: Patch diffing is a very common way …

Internet Explorer Information Disclosure Vulnerability (CVE-2016-3321)

Internet Explorer can reveal the existence of a file based on how it handles file URIs like file://…. By default, IE implements Local Machine Zone Lockdown (LMZL) to prevent access to file URIs and alerts the user via an error dialog box irrespective of the existence of the file. Furthermore, IE restricts execution of scripts based on …

TOPSEC Firewall Exploit (ELIGIBLE CONTESTANT)

Abstract: A few days ago, an unknown threat actor that goes by the name “The Shadow Brokers” leaked some highly sophisticated exploits. It is alleged that the exploits leaked by “The Shadow Brokers” belong to the Equation Group, an elite cyber-attack group associated with the NSA. These leaked exploits work against many routers/firewalls from prominent vendors …

FortiGate Shadow Brokers Exploit – CVE-2016-6909

Abstract: You may have heard that recently a group known as “Shadow Brokers” released what are said to be a set of exploits and tools written and used by the NSA. The dump contains exploits, implants and tools for attacking firewalls (“Firewall Operations”). One of the tools from the Shadow Brokers leak …