Note: These vulnerabilities remain unpatched at the point of publication. We have been working with Symantec to try to help them fix this since our initial private disclosure in July 2017 (full timeline at the end of this article); however, no patch has yet been released. Consequently, we are at the point of publishing […]
Author Archive for: Kyriakos Economou
About Kyriakos Economou
This author has yet to write their bio. Meanwhile, let's just say that we are proud Kyriakos Economou contributed a whopping 20 entries.
Entries by Kyriakos Economou
Nettitude have discovered three vulnerabilities in Carbon Black: CVE-2016-9570, CVE-2016-9568 and CVE-2016-9569. Two of these have been patched at the time of writing.
CVE-2016-9570
Module: cb.exe (SRC-149)
Version: 184.108.40.206603
Bug Type: Read-Out-Of-Bounds
Impact: DoS
Prerequisites: Hijack NetMon Pipe
Severity: Medium
Status: Remediated
Note: The following technical details are taken from the x86 build of the Carbon Black […]
We recently discovered a new and quietly released Windows kernel exploitation defence. Exploiting a kernel bug by setting the pointer to the SecurityDescriptor to NULL in the header of a process object running as SYSTEM won’t work from Windows 10 v1607 (Build 14393). If you want to know why, keep reading.
We recently received an email which contained a malicious Word macro. Usually, the only thing that changes between malicious Office macros is the obfuscation that is used; e.g. changing variable names and splitting text strings. This one was different. We decided to analyse the payload and before we knew it, we were deep down the rabbit hole!