Wubes: Leveraging the Windows 10 Sandbox for Arbitrary Processes

Wubes is like Qubes but for Microsoft Windows. The idea is to leverage the Windows Sandbox technology to spawn applications in isolation. We currently support spawning a Windows Sandbox for the Firefox browser, with other applications easily added.

ABSTRACT SHIMMER (CVE-2020-15257): Host Networking is root-Equivalent, Again

This post is a technical discussion of the underlying vulnerability of CVE-2020-15257, and how it can be exploited. Our technical advisory on this issue is available here, but this post goes much further into the process that led to finding the issue, the practicalities of exploiting the vulnerability itself, various complications around fixing the issue, … Continue reading ABSTRACT SHIMMER (CVE-2020-15257): Host Networking is root-Equivalent, Again →

Technical Advisory: containerd – containerd-shim API Exposed to Host Network Containers (CVE-2020-15257)

Vendor: containerd Project Vendor URL: https://containerd.io/ Versions affected: 1.3.x, 1.2.x, 1.4.x, others likely Systems Affected: Linux Author: Jeff Dileo CVE Identifier: CVE-2020-15257 Advisory URL: https://github.com/containerd/containerd/security/advisories/GHSA-36xw-fx78-c5r4 Risk: High (full root container escape for a common container configuration) Summary containerd is a container runtime underpinning Docker and common Kubernetes configurations. It handles abstractions related to containerization and … Continue reading Technical Advisory: containerd – containerd-shim API Exposed to Host Network Containers (CVE-2020-15257) →

The CIS Security Standard for Docker available now

This is just a short blog post to announce the availability of the new CIS Security Standard for Docker 1.12 which NCC Group was involved in co-authoring and contributing to. The Docker project (and containerisation as a concept in general) has become a hot topic in various aspects of IT over the last few years. … Continue reading The CIS Security Standard for Docker available now →

Adventures in Xen Exploitation

tl;dr This post is about my experience trying to exploit the Xen SYSRET bug (CVE-2012-0217). This issue was patched in June 2012 and was disclosed in Xen Security Advisory 7 [1]. The bug was found by Rafal Wojtczuk and Jan Beulich. Rafal gave a talk about it at BlackHat USA 2012, [2][3]. Xen versions unpatched … Continue reading Adventures in Xen Exploitation →