This post describes a vulnerability found and exploited in October 2021 by Alex Plaskett, Cedric Halbronn, and Aaron Adams working at the Exploit Development Group (EDG) of NCC Group. We successfully exploited it at Pwn2Own 2021 competition in November 2021. Lexmark published a public patch and their advisory in January 2022 together with the ZDI advisory. The vulnerability is now known as CVE-2021-44737.
NCC Group's Exploit Development Group document exploiting the sudo vulnerability on VMWare vCenter Server
We have been filling the knowledge gap by tracking all the exploit mitigations in summary tables present in modern operating systems
Wubes is like Qubes but for Microsoft Windows. The idea is to leverage the Windows Sandbox technology to spawn applications in isolation. We currently support spawning a Windows Sandbox for the Firefox browser, with other applications easily added.
Exodus Intel released a proof of concept (POC) in early 2016, demonstrating how to obtain remote code execution on Cisco Adaptive Security Appliance (ASA) firewalls exposed to the internet. The POC exploits a pre-authentication vulnerability in Internet Key Exchange (IKE) aka CVE-2016-1287 and is highly critical. The POC works on 32-bit ASA 9.2.4 and supports … Continue reading A WarCon 2017 Presentation: Cisco ASA – Exploiting the IKEv1 Heap Overflow – CVE-2016-1287
TL;DR A full technical note explaining the analysis of a Flash file part of the Neutrino Exploit kit has been uploaded to our Cyber Defence Github repository. This document details a methodology to analyse all components of the original Flash file. It details how we manually deobfuscate most of its components and refers to many … Continue reading An adventure in PoEKmon NeutriGo land
tl;dr This paper details how I ported the CVE-2015-2426 (a.k.a. MS15-078) vulnerability, as originally exploited by Eugene Ching of Qavar Security on the January 2015 version of Windows 8.1 64-bit to the more recent July 2015 version of Windows 8.1 64-bit, the last version of Windows still vulnerable to this issue before it got patched by … Continue reading Exploiting CVE-2015-2426, and How I Ported it to a Recent Windows 8.1 64-bit