Below I will present 2 bugs from last fuzzing session with Microsoft Outlook 2016. Vendor was notified about those bugs. Just like before (1, 2, 3, 4) here you will find some details...
niedziela, 29 października 2017
środa, 25 października 2017
Night fuzzing session - Kaspersky10 on Windows 10 - part 2
In the middle of time, just like before I was playling a little bit with Kaspersky Endpoint Security 10 for Windows 10. New results from the 'night fuzzing session' you will find below...
Patch your Fortinet - CVE-2017-14182
Few weeks ago during some pentest I found that tested Fortinet-appliance is sometime restarting... I wasn't sure about the reason so I decided to contact directly with the Fortinet's PSIRT. Patch is ready so below you will find few details about it. Enjoy...
poniedziałek, 23 października 2017
ZBX-11023 quick autopsy
When I was reading descriptions of bugs at VulDB I found that there is an SQL injection vulnerability in Zabbix (<2.2.13 and <3.0.4). I decided that it will be a good exercise to write a small proof-of-concept for that bug. Below you'll find results...
Protostart CTF - format0 - walkthrough
Next challenge from Protostar CTF. This time we will check format0. Let's get to work!
środa, 11 października 2017
Protostart CTF - heap2 - walkthrough
As a quick writeup - this time we will take a look for a heap2 challenge from Protostar CTF (you can find the game here). Let's go...
poniedziałek, 9 października 2017
Protostart CTF - heap1 - walkthrough
In our last challenge we were able to overwrite the pointer of winner(). Let's see if we can expoit heap1 available also in ProtostarCTF. Details below...
Protostart CTF - heap0 - walkthrough
During last few days I had a pleasure to learn a little bit more about heap exploitation in Linux. I decided that it will be a good moment to take a look for a ProtostarCTF. Below you will find few details about it...
Subskrybuj:
Posty (Atom)