Home | Resources | Security Research

VerSprite Security Research

We Solve Complex Technical Challenges

VerSprite's Research and Development division (a.k.a VS-Labs) is comprised of individuals who are passionate about diving into the internals of various technologies. Our clients rely on VerSprite's unique offerings of zero-day vulnerability research and exploit development to protect their assets from various threat actors. From advanced technical security training to our research for hire B.O.S.S offering, we help organizations solve their most complex technical challenges. Learn more →

Chrome Exploit

Blog Post

Chrome Exploitation:

To teach Chrome exploitation to my team, I’ve selected a previous 0day RCE that I found last year for my company VerSprite: CVE-2021-21224 https://crbug.com/1195777, and I’ve paired it with a SBX bug found by Tim Becker: https://crbug.com/1062091.

Learn more

Printer Vulnerability

Blog Post

Exploit Development

Printer Spooler Bug Research

In this blog, we dive into and show how attackers could combine the 0day CVE-2020-0986 with the 0day in IE browser to achieve privilege escalation and then execute code remotely. Now, Maddie Stone, a security researcher on Google’s Project Zero team, found that an attacker can still trigger CVE-2020-0986 and elevate kernel privileges by sending an offset instead of a pointer.

Learn more

Windows Vulnerability

Blog Post

Exploitation of Vulnerabilities

Windows Kernel Drive Vulnerability Research: CVE-2020-17087

in this blog, we show POC Windows LPE CNG.sys CVE-2020-17087: root cause + patch analysis + reduction of crashing sample to be a 1 liner

Learn more

Cyber Attacks on Smart Cars

Blog Post

Cyber Attacks on Smart Cars Using SDR

The aim of this research is to uncover the vulnerabilities of the keyless smart cars as well as to hack and exploit them through the technologies like software defined radio (SDR) and devices GNURadio and HackRF.

Learn more

Android

Blog Post

Exploit Development

Exploring Android Vulnerabilities and Binder: Part II Building POC Code with Android NDK

This blog continues Part I of the android exploitation experiment. We build a proof-of-concept code with an Android NDK. UAF vulnerability (CVE-2019-2215)

Learn more

Android Vulnerability

Blog Post

Android Vulnerabilities and Exploits

Exploring Android Vulnerabilities and Binder: Part I

This blog post will trigger a UAF vulnerability (CVE-2019-2215) in Binder from scratch. After preparing the necessary environment and tools, we will reach the KASAN output with the POC exploit.

Learn more

Linux Operating System

Blog Post

operating system

Part 6: Comprehensive Research of Linux Operating System

This research series examined the Linux OS in detail and discussed everything from its architecture to the drivers and even the exploits. Today, we conclude the comprehensive research of Linux with an overview of its main elements.

Learn more

IoT_Threats_Cybersecurity

Blog Post

iot devices explained

Threats of IoT Devices

IoT devices have embedded their way into our daily lives. From appliances, smart home systems, trackers, and doorbells to CPAP machines. We look at the security risks these IOT devices can bring into your life and how you can protect yourself from the risks.

Learn more

Blog Post

Part 5: Comprehensive Research of Linux Operating System

To summarize again briefly, syscall is an instruction that lowers the privilege level of the currently running application to 0 and allows the program to be performed in higher privilege using the required registers. In this section, we look at the Syscall instruction at the assembly level and try to analyze it in detail.

Learn more

We are an international squad of professionals working as one.

Email

[email protected]

logos