VS-Labs full range of services extend across the following:
Zero Day Vulnerability Research
Maintaining awareness regarding unknown threats to your products, technologies, and enterprise networks are key. Customers that are willing to take the next step in proactively securing their flagship product or environment can leverage our zero-day vulnerability research offering. This subscription-based capability provides the customer immediate access to zero-day vulnerabilities affecting their products, and software used throughout their organization.
B.O.S.S (Back of Store Security) Research
Essentially a research for hire for client specific goals and objectives. VerSprite's Research and Development division prides itself on being able to solve technical challenges for its customers. VerSprite's BOSS offering allows our clients to utilize these capabilities and dive into the security internals of their products.
Advanced Security Training
VerSprite's advanced technical security training is created from VerSprite's Research and Development division. VerSprite's training offerings provide unique and original content that targets the advanced user and allows them to up their game in a technical discipline.
Latest Security Advisories & Publications
EXPLOITING VYPRVPN FOR MACOS
24 January 2018
Overview In 2017, VerSprite released an advisory for a privilege escalation vulnerabiliy in the VyprVPN macOS application. In this blog post, we'll dive into the process of finding this vulnerability and writing a simple exploit for it. Auditing When performing attack surface enumeration for any macOS application, I typically search for XPC (Cross Process Communication) API usage. I've found that rarely do I see XPC services in third-party applications being secured, so it tends to always be a focal point for my bug hunting…
EXPLOITING THE DOLPHIN BROWSER FOR ANDROID’S BACKUP & RESTORE FEATURE
14 December 2017
Overview On December 11, 2017 VerSprite published the following advisory for the Dolphin Browser. Advisory [VS-2017-001] Dolphin Browser for Android Backup & Restore Arbitrary File Write Vulnerability CVE ID CVE-2017-17551 Vendor Mobotap Product Dolphin Browser for Android < 12.0.2 Vulnerability Details The Backup and Restore feature in Mobotap's Dolphin Browser for Android 12.0.2, suffers from an arbitrary file write vulnerability when attempting to restore browser settings from a malicious Dolphin Browser backup file. This arbitrary file write vulnerability, allows an…
FRIDA ENGAGE PART TWO | SHELLCODING AN ARM64 IN-MEMORY REVERSE TCP SHELL WITH FRIDA
28 November 2017
Overview In the first installment of the Frida Engage blog series, we explored the ways in which we could use Frida's Memory, NativeFunction, and Module API(s) to build a simple ELF parser. In part two of the series we are going to explore and leverage Frida's new Arm64Writer API to build an in-memory reverse TCP shell. Arm64Writer Frida's 10.4 release included the exposure of its internal C API(s) used to implement Interceptor and Stalker. These API(s) come in a few flavors including Arm64. Even though there is the Arm64Relocator API, which is used for…