Below I will present 2 bugs from last fuzzing session with Microsoft Outlook 2016. Vendor was notified about those bugs. Just like before (1, 2, 3, 4) here you will find some details...
Strony
▼
niedziela, 29 października 2017
środa, 25 października 2017
Night fuzzing session - Kaspersky10 on Windows 10 - part 2
In the middle of time, just like before I was playling a little bit with Kaspersky Endpoint Security 10 for Windows 10. New results from the 'night fuzzing session' you will find below...
Patch your Fortinet - CVE-2017-14182
Few weeks ago during some pentest I found that tested Fortinet-appliance is sometime restarting... I wasn't sure about the reason so I decided to contact directly with the Fortinet's PSIRT. Patch is ready so below you will find few details about it. Enjoy...
poniedziałek, 23 października 2017
ZBX-11023 quick autopsy
When I was reading descriptions of bugs at VulDB I found that there is an SQL injection vulnerability in Zabbix (<2.2.13 and <3.0.4). I decided that it will be a good exercise to write a small proof-of-concept for that bug. Below you'll find results...
Protostart CTF - format0 - walkthrough
Next challenge from Protostar CTF. This time we will check format0. Let's get to work!
środa, 11 października 2017
Protostart CTF - heap2 - walkthrough
As a quick writeup - this time we will take a look for a heap2 challenge from Protostar CTF (you can find the game here). Let's go...
poniedziałek, 9 października 2017
Protostart CTF - heap1 - walkthrough
In our last challenge we were able to overwrite the pointer of winner(). Let's see if we can expoit heap1 available also in ProtostarCTF. Details below...
Protostart CTF - heap0 - walkthrough
During last few days I had a pleasure to learn a little bit more about heap exploitation in Linux. I decided that it will be a good moment to take a look for a ProtostarCTF. Below you will find few details about it...