Black Hat 2015 - WSUSpect - Compromising the Windows Enterprise via Windows Update

Ever wondered what really happens when you plug in a USB device and Windows begins ‘searching for Drivers’? Who doesn’t have that Windows Update reboot dialog sitting in the corner of their desktop? Our talk will take an exciting look at one of the dullest corners of the Windows OS.

WSUS (Windows Server Update Services) allows admins to co-ordinate software updates to servers and desktops throughout their organisation. Whilst all updates must be signed by Microsoft, we find other routes to deliver malicious updates to Windows systems using WSUS. We will demonstrate how a default WSUS deployment can be leveraged to gain SYSTEM level access to machines on the local network.

Continue reading...

44Con 2014 - Hacking an Internet Enabled Lagomorph

So, I have to admit, I got a little obsessed with this project. Who would have thought an internet enabled, hyperkinetic, 9.6-inch rabbity thing could hold so much intrigue. Little did I know that in procuring this geek toy I’d be delving down the proverbial rabbit hole of ARM exploitation, including reverse engineering, cross compiling, protocol analysis, 0days and producing exploits from vulnerability advisories. All this in an attempt to get remote code execution… on a rabbit… seriously!

Continue reading...

Hacking into Internet Connected Light Bulbs

The subject of this blog, the LIFX light bulb, bills itself as the light bulb reinvented; a “WiFi enabled multi-color, energy efficient LED light bulb” that can be controlled from a smartphone [1]. We chose to investigate this device due to its use of emerging wireless network protocols, the way it came to market and its appeal to the technophile in all of us.

Continue reading...

libmms - Heap-based buffer overflow

Heap-based buffer overflow in the get_answer function in mmsh.c in libmms before 0.6.4 allows remote attackers to execute arbitrary code via a long line in an MMS over HTTP (MMSH) server response.

Continue reading on sourceforge.net...

VMware ESXi - NFC NULL pointer dereference

VMware ESXi 4.0 through 5.1 and ESX 4.0 and 4.1 allow remote attackers to cause a denial of service (NULL pointer dereference) by intercepting and modifying Network File Copy (NFC) traffic.

Continue reading on www.vmware.com...

VMware ESXi - hostd-vmdb Denial of Service

hostd-vmdb in VMware ESXi 4.0 through 5.0 and ESX 4.0 through 4.1 allows remote attackers to cause a denial of service (hostd-vmdb service outage) by modifying management traffic.

Continue reading on www.vmware.com...

Mozilla Firefox - Integer overflow in ANGLE library

Integer overflow in the drawLineLoop function in the libGLESv2 library in Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox before 24.0 and SeaMonkey before 2.21, allows remote attackers to execute arbitrary code via a crafted web site.

Continue reading on www.mozilla.org...

VMware ESXi - NFC Denial of Service

VMware ESXi 4.0 through 5.1, and ESX 4.0 and 4.1, does not properly implement the Network File Copy (NFC) protocol, which allows man-in-the-middle attackers to cause a denial of service (unhandled exception and application crash) by modifying the client-server data stream.

Continue reading on www.vmware.com...

Google Chrome - Integer overflow in ANGLE

Multiple integer overflows in (1) libGLESv2/renderer/Renderer9.cpp and (2) libGLESv2/renderer/Renderer11.cpp in Almost Native Graphics Layer Engine (ANGLE), as used in Google Chrome before 29.0.1547.57, allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

Continue reading on chromereleases.googleblog.com...

Firefox - Almost Native Graphics Layer Engine (ANGLE) library Integer Overflow

The Almost Native Graphics Layer Engine (ANGLE) library as used in Mozilla Firefox is vulnerable to an integer overflow vulnerability leading to memory corruption which may allow an attacker to exploit the browser process. The ANGLE library is used by Firefox on Windows as a bridge between the OpenGL ES 2.0 API and DirectX.

Continue reading...

Older Page 6 of 7 Newer