Exploiting DLLs A guide to DLL Hijacking
Abstract As per the recent statistics available Windows still remains the most used operating system for digital devices. Almost 77% of the computers today run Windows operating system. With its GUI based implementation and ease of compatibility with most of the available software, Windows is…
SMB Enumeration & Exploitation & Hardening
IntroductionWhat is SMB?SMB (Server Message Block) is a network protocol for accessing files, printers and other deviceson the network. Server Message Block provides file sharing, network browsing, printing services,and interprocess communication over a network. Most usage of SMB involves computersrunning Microsoft Windows, where it was…
Siemens Opcenter Execution Core (Update A)
1. EXECUTIVE SUMMARY CVSS v3 8.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: Opcenter Execution Core Vulnerabilities: Cross-site Scripting, SQL Injection, Improper Access Control 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-20-196-07 Siemens Opcenter Execution Core that was published…
Siemens UMC Stack
1. EXECUTIVE SUMMARY CVSS v3 6.7 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: UMC Stack Vulnerabilities: Unquoted Search Path or Element, Uncontrolled Resource Consumption, Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-20-196-05 Siemens UMC Stack that…
Siemens SIMATIC, SINAMICS, SINEC, SINEMA, SINUMERIK (Update B)
1. EXECUTIVE SUMMARY CVSS v3 6.7 ATTENTION: Low skill level to exploit Vendor: Siemens Equipment: SIMATIC, SINAMICS, SINEC, SINEMA, SINUMERIK Vulnerability: Unquoted Search Path or Element 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-20-161-04 Siemens SIMATIC, SINAMICS, SINEC, SINEMA, SINUMERIK (Update A)…
Bypass Certificate Pinning in modern Android application via custom Root CA
I. IntroductionThis document is intended to provide detailed instructions for bypass certificate pinning via custom Root CA. It covers all the required topics for understanding this method. The proof of concept will help visualize and perform bypass certificate pinning, specially in modern applications now and…
Siemens SCALANCE & SIMATIC (Update A)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SCALANCE, SIMATIC Vulnerability: Resource Exhaustion 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-20-105-07 Siemens SCALANCE & SIMATIC that was published April 14, 2020 on the ICS…
Cleanly Escaping the Chrome Sandbox
This post will explain how we discovered and exploited Issue 1062091, a use-after-free (UAF) in the browser process leading to a sandbox escape in Google Chrome as well as Chromium-based Edge. Background Our goal is to make this post accessible to those unfamiliar with Chrome exploitation,…
CVE 2020-6418 Type confusion in V8 in Google Chrome prior to 80.0.3987.122
CVE-2020-6418 is a type confusion vulnerability in V8, Google Chrome’s open-source JavaScriptand WebAssembly engine. Vulnerability Description On February 25, security updates were released for Google Chrome and Microsoft Edge. The opensource JavaScript and WebAssembly engines in V8 in Google Chrome before 80.0.3987.122 andMicrosoft Edge browser…
Siemens Industrial Products SNMP Vulnerabilities (Update B)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: Various SCALANCE, SIMATIC, SIPLUS products Vulnerabilities: Data Processing Errors, NULL Pointer Dereference 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-20-042-02 Siemens Industrial Products SNMP Vulnerabilities (Update…
Stay connected