[Video] Introduction to Use-After-Free Vulnerabilities | UserAfterFree Challenge Walkthrough (Part: 1)

An introduction to Use-After-Free exploitation and walking through one of my old challenges. Challenge Info: https://www.malwaretech.com/challenges/windows-exploitation/user-after-free-1-0 Download Link: https://malwaretech.com/downloads/challenges/UserAfterFree2.0.rar Password: MalwareTech The post [Video] Introduction to Use-After-Free Vulnerabilities...

3w

[Video] Exploiting Windows RPC – CVE-2022-26809 Explained | Patch Analysis

Walking through my process of how I use patch analysis and reverse engineering to find vulnerabilities, then evaluate the risk and exploitability of bugs. The post [Video] Exploiting Windows RPC – CVE-2022-26809 Explained | Patch Analysis appeared first on MalwareTech.

5w

An in-depth look at hacking back, active defense, and cyber letters of marque

There has been much discussion in cyber security about the possibility of enabling the private sector to engage in active cyber defense, or colloquially “hacking back”. Several house bills have been introduced to study or enable this, such as the “Study on Cyber-Attack Response Options Act” and “Active Cyber Defense … The post An in-depth look at...

Nov 2021

How I Found My First Ever ZeroDay (In RDP)

Up until recently, I’d never tried the bug hunting part of vulnerability research. I’ve been reverse engineering Windows malware for over a decade, and I’d done the occasional patch analysis, but I never saw a point in bug hunting on a major OS. After all, there are teams of vulnerability … The post How I Found My First Ever ZeroDay (In RDP) appeared...

Jan 2021

Are Criminals Really Using ICS Malware?

Recently, The New York Times posted a sensational article about criminals using sophisticated state software for the first time. The headline is non-specific and could be taken to mean state hacking tools in general; however, this would be completely untrue. The NSA hacking tools leaked by the shadowbrokers are used … The post Are Criminals Really...

Jun 2020

BlueKeep: A Journey from DoS to RCE (CVE-2019-0708)

Due to the serious risk of a BlueKeep based worm, I’ve held back this write-up to avoid advancing the timeline. Now that a proof-of-concept for RCE (remote code execution) has been release as part of Metasploit, i feel it’s now safe for me to post this. This article will be … The post BlueKeep: A Journey from DoS to RCE (CVE-2019-0708) appeared first...

Sep 2019

DejaBlue: Analyzing a RDP Heap Overflow

In August 2019 Microsoft announced it had patched a collection of RDP bugs, two of which were wormable. The wormable bugs, CVE-2019-1181 & CVE-2019-1182 affect every OS from Windows 7 to Windows 10. There is some confusion about which CVE is which, though it’s possible both refer to the same … The post DejaBlue: Analyzing a RDP Heap Overflow...

Aug 2019

YouTube’s Policy on Hacking Tutorials is Problematic

Recently YouTube changed its policy on “hacking” tutorials to an essential blanket ban. In the past, such content was occasionally removed under YouTube’s broad “Harmful and Dangerous Content” clause, which prohibited videos “encouraging illegal activity”. An updated policy now specifically targets instructional hacking videos. One major problem here...

Jul 2019

Analysis of CVE-2019-0708 (BlueKeep)

I held back this write-up until a proof of concept (PoC) was publicly available, as not to cause any harm. Now that there are multiple denial-of-service PoC on github, I’m posting my analysis. Binary Diffing As always, I started with a BinDiff of the binaries modified by the patch (in … The post Analysis of CVE-2019-0708 (BlueKeep) appeared first...

Jun 2019

Analysis of a VB Script Heap Overflow (CVE-2019-0666)

Anyone who uses RegEx knows how easy it is to shoot yourself in the foot; but, is it possible to write RegEx so badly that it can lead to RCE? With VB Script, the answer is yes! In this article I’ll be writing about what I assume to be CVE-2019-0666. … The post Analysis of a VB Script Heap Overflow (CVE-2019-0666) appeared first on MalwareTech.

Apr 2019