Our Blog

From Discovery to Disclosure: ReCrystallize Server Vulnerabilities

Reading time: ~11 min
TL;DR – While on an assessment, I found an instance of ReCrystallize Server. It had many problems, some of which...

Sail away, sail away, sail away

Reading time: ~10 min
A while back, after some live music and drinks at Railways, I made my way to another city for pleasant...

The power of variant analysis (Semmle QL) CVE-2019-15937 and CVE-2019-15938

Reading time: ~11 min
Intro This post will try to do a small introduction to the QL language using real-world vulnerabilities that I found...

Analysis of a 1day (CVE-2019-0547) and discovery of a forgotten condition in the patch (CVE-2019-0726) – Part 1 of 2

Reading time: ~16 min
This post will cover my journey into the analysis of CVE-2019-0547 (affecting the Windows DHCP client), a vulnerability discovered by...

Being Stubborn Pays Off pt. 1 – CVE-2018-19204

Reading time: ~13 min
Intro During an internal assessment, I came across monitoring software that had default credentials configured. This monitoring software allowed for...

Linux Heap Exploitation Intro Series: Set you free() – part 2

Reading time: ~16 min
Intro Hello there! On this part we are focusing on abusing chunk creation and heap massaging in hope of overwriting...

Linux Heap Exploitation Intro Series: Set you free() – part 1

Reading time: ~15 min
Intro (part 1) Hello and welcome to the final post of our Intro to exploitation series! We have learned the basics...

Linux Heap Exploitation Intro Series: Riding free on the heap – Double free attacks!

Reading time: ~15 min
Intro Hello again and welcome to the third of our series. On today’s blog post we are going to see...

Outlook Home Page – Another Ruler Vector

Reading time: ~12 min
Ruler has become a go-to tool for us on external engagements, easily turning compromised mailbox credentials into shells. This...

Macro-less Code Exec in MSWord

Reading time: ~5 min
Authors: Etienne Stalmans, Saif El-Sherei What if we told you that there is a way to get command execution on...

Abusing GDI Objects for ring0 Primitives Revolution

Reading time: ~21 min
Exploiting MS17-017 EoP Using Color Palettes This post is an accompaniment to the Defcon 25 talk given by Saif. One...

Linux Heap Exploitation Intro Series: Used and Abused – Use After Free

Reading time: ~9 min
Intro After analysing the implementation of ptmalloc2, which is a must-read if you don’t know anything about the Linux userland...

Linux Heap Exploitation Intro Series – (BONUS) printf might be leaking!

Reading time: ~11 min
Intro Hi there (again)! This series is coming to an end, as the next and feasible step is the widely...

USaBUSe Linux updates

Reading time: ~6 min
(If you’re new to this project, read the intro first) For the past few months, I’ve been working on porting...

Exploiting MS16-098 RGNOBJ Integer Overflow on Windows 8.1 x64 bit by abusing GDI objects

Reading time: ~39 min
Starting from the beginning with no experience whatsoever in kernel land let alone exploiting it, I was always intrigued and...