2017
Abusing GDI Objects for ring0 Primitives Revolution
This post is an accompaniment to the Defcon 25 talk given by Saif. One of the core topics of the talk was the release of a new technique GDI object abuse technique, name Palette Objects. Saif presented a previously unreleased Windows 7 SP1 x86 exploit involving the abuse of a newly discovered GDI object abuse technique. A complete white-paper on the topic was released and can be found here: Whitepaper Both…
Linux Heap Exploitation Intro Series: Used and Abused – Use After Free
After analysing the implementation of ptmalloc2 which, is a must read if you don’t know anything about the linux userland heap, I decided that for the second part of it, I would approach it as in a series of blog posts. Why? You might ask. Well it is easy for someone to tackle a problem in bite sized “chunks”. Understanding the heaps can be difficult and each of the techniques to be…
A new colour scheme
SensePost has been hacking for 17 years and the time has come for a branding change. The change in logo is related to the acquisition of SensePost 3 years ago by SecureData Europe Ltd. Daily operations at SensePost have been, and continue to be, largely unaffected by the acquisition. The investment has let us do things we otherwise wouldn’t have been able to, such as significantly expanding our training portfolio,…
objection – mobile runtime exploration
In this post, I want to introduce you to a toolkit that I have been working on, called objection. The name being a play on the words “object” and “injection”. objection is a runtime exploration toolkit powered by Frida, aimed at mobile platforms. iOS only for now, objection aims to allow you to perform various security related tasks on unencrypted iOS applications, at runtime, on non-jailbroken iOS devices. Features include…
SensePost at BlackHat & Defcon 2017
July is our favourite time of year, when thousands descend into Las Vegas for Blackhat/Defcon, or more commonly referred to as ‘Hacker Summer Camp’. This year, our camp councillors have been working hard to bring you all our latest creations. We’re running our usual training at BlackHat, and as usual have been working hard to build new courses and update others. Here’s a list: BLACK OPS HACKING FOR PENTESTERS –…
Fuzzing Apache httpd server with American Fuzzy Lop + persistent mode
Recently, I reported CVE-2017-7668 (Apache Server buffer-over-read). This is a cross-post from my personal blog where I explain how to fuzz network programs with AFL by porting techniques learned in honggfuzz into AFL. After a small chat with Dominic he asked me to re-post it here which, for me it’s an honour to do so! The reported CVE was obtained with code analysis and instrumentation of the right parts of…
Linux Heap Exploitation Intro Series – (BONUS) printf might be leaking!
Hi there (again)! This series are going to an end as the next and feasible step is the widely known buffer overflow and its analysis in the heap and, I am not too convinced about it since the unsafe unlink method is long gone. But don’t be sad, today we are going for a bonus one! During the last post (double free attacks) one I stumbled across some weird behaviour that caught…
Pentesting Enterprise Infrastructure – Journeyman Level
Sophisticated attacks aim to hide from endpoint solutions Advanced hacking. Expert approaches We are inundated by advanced this, expert that, when it comes to hacking and hacking training. When a breach occurs, the media portray it as some epic hack that mere mortals would struggle to comprehend, when in reality it’s actually a run of the mill SQLi attack. Often it’s not advanced, but makes use of a series of…
Womens Training Scholarship
SensePost and BlackHat are proud to announce a new scholarship initiative for a woman in the information security field. The scholarship will include a ticket to Black Hat USA 2017 in Las Vegas, complimentary access to one of our training courses, airfare, and accommodation. The scholarship will be awarded to a woman who demonstrates a strong desire to hone her InfoSec skills (more below). How To Enter? To enter, send us…
Sending AM-OOK using Metasploit and rftransceiver
Towards the end of last year, I found myself playing around with some basic amplitude modulation (AM)/On-off keying (OOK) software defined radio. That resulted in ooktools being built to help with making some of that work easier and to help me learn. A little while ago, the Metasploit project announced new ‘rftransceiver’ capabilities that were added to the framework with a similar goal of making this research easier. First things…