SSD Advisory – VirtualBox VRDP Guest-to-Host Escape

Credit to Author: SSD / Ori Nimron| Date: Mon, 20 Aug 2018 06:00:52 +0000

Vulnerability Summary VirtualBox has a built-in RDP server which provides access to a guest machine. While the RDP client sees the guest OS, the RDP server runs on the host OS. Therefore, to view the guest OS the RDP client will make a connection to the host OS IP address rather than the guest OS … Continue reading SSD Advisory – VirtualBox VRDP Guest-to-Host Escape

Read more

SSD Advisory – Linux Kernel AF_PACKET Use After Free (packet_sock)

Credit to Author: SSD / Ori Nimron| Date: Wed, 15 Aug 2018 05:26:28 +0000

Vulnerability Summary UAF vulnerability in Linux Kernel’s implementation of AF_PACKET leads to privilege escalation. AF_PACKET sockets allow users to send or receive packets on the device driver level, which lets them implement their own protocol on top of the physical layer or sniffing packets including Ethernet and higher levels protocol and higher levels of the … Continue reading SSD Advisory – Linux Kernel AF_PACKET Use After Free (packet_sock)

Read more

SSD Advisory – Infiniband Linux Driver UAF

Credit to Author: SSD / Ori Nimron| Date: Thu, 02 Aug 2018 12:10:25 +0000

Vulnerability Summary A bug in the threads synchronization of Infiniband Driver can cause an Use After Free. A struct that is allocated and free’d by a thread, is accessible through a second thread. If the second thread is calling the function “idr_find” before the struct was free’d by the first thread, then he can still … Continue reading SSD Advisory – Infiniband Linux Driver UAF

Read more

SSD Advisory – LINE Corporation URI Handlers Remote Commands Execution

Credit to Author: SSD / Ori Nimron| Date: Sun, 29 Jul 2018 05:10:59 +0000

Vulnerabilities Summary LINE for Windows provided by LINE Corporation specifies the path to read DLL when launching software. A user clicking on a specially crafted link, can use this vulnerability to cause the user to insecurely load an arbitrary DLL which can be used to cause arbitrary code execution. Vendor Response “We released version 5.8.0 … Continue reading SSD Advisory – LINE Corporation URI Handlers Remote Commands Execution

Read more

SSD Advisory – phpMyAdmin File Inclusion and Remote Code Execution

Credit to Author: SSD / Ori Nimron| Date: Mon, 02 Jul 2018 12:19:53 +0000

Vulnerabilities Summary Authenticated users can exploit a file inclusion vulnerability in phpMyAdmin which can then be combined with another vulnerability, to perform Remote Code Execution. In addition, authnticated attackers can view files and execute PHP files that located on the server by exploiting a bug in the part of the code that is responsible for … Continue reading SSD Advisory – phpMyAdmin File Inclusion and Remote Code Execution

Read more

Hack2Win eXtreme Warm Up

Credit to Author: SSD / Noam Rathaus| Date: Mon, 02 Jul 2018 10:55:25 +0000

In our upcoming Hack2Win eXtreme event in Hong Kong we will be asking contest participants to come and try their skills breaking into devices and software, showing their abilities in finding vulnerabilities in iOS and Android, as well as in Chrome and Firefox. In preparation for the event, we are launching a “warm up” event … Continue reading Hack2Win eXtreme Warm Up

Read more

beVX Conference Challenge – HiTB

Credit to Author: SSD / Noam Rathaus| Date: Fri, 22 Jun 2018 11:30:44 +0000

During the event of Hack In the Box, we launched an ARM reverse engineering and exploitation challenge and gave the attendees the change to win great prizes. The challenge was divided into two parts, a file – can be downloaded from here: https://www.beyondsecurity.com/bevxcon/bevx-challenge-10 – that you had to download and reverse engineer and server that … Continue reading beVX Conference Challenge – HiTB

Read more

SSD Advisory – QRadar Remote Command Execution

Credit to Author: SSD / Noam Rathaus| Date: Mon, 28 May 2018 10:53:15 +0000

Vulnerability Summary Multiple vulnerabilities in QRadar allow a remote unauthenticated attackers to cause the product to execute arbitrary commands. Each vulnerability on its own is not as strong as their chaining – which allows a user to change from unauthenticated to authenticated access, to running commands, and finally running these commands with root privileges. Vendor … Continue reading SSD Advisory – QRadar Remote Command Execution

Read more

SSD Advisory – Linux AF_LLC Double Free

Credit to Author: SSD / Noam Rathaus| Date: Mon, 30 Apr 2018 13:05:13 +0000

Vulnerability Summary A use after free vulnerability in AF_LLC allows local attackers to control the flow of code that the kernel executes, allowing them to cause it to run arbitrary code and gain elevated privileges. Vendor Response The vulnerability was reported to the Kernel Security, which asked us to contact the netdev team. A patch … Continue reading SSD Advisory – Linux AF_LLC Double Free

Read more

beVX Conference Challenge – OffensiveCon

Credit to Author: SSD / Noam Rathaus| Date: Sun, 04 Mar 2018 07:27:05 +0000

During the event of OffensiveCon, we launched a reverse engineering and encryption challenge and gave the attendees the change to win great prizes. The challenge was divided into two parts, a file – can be downloaded from here: https://www.beyondsecurity.com/bevxcon/bevx-challenge-1 – that you had to download and reverse engineer and server that you had to access … Continue reading beVX Conference Challenge – OffensiveCon

Read more

SSD Advisory – TrustPort Management Unauthenticated Remote Code Execution

Credit to Author: SSD / Noam Rathaus| Date: Wed, 25 Apr 2018 08:36:14 +0000

Vulnerability Summary Multiple vulnerabilities in TrustPort’s management product allow remote unauthenticated attackers to cause the product to execute arbitrary code. TrustPort Management “offers you an effective and practical way to install centrally, configure and update antivirus software in your network and it enables mass administration of TrustPort products. Central administration from TrustPort brings you simple … Continue reading SSD Advisory – TrustPort Management Unauthenticated Remote Code Execution

Read more