Home | VerSprite Resources

Exploitation of Vulnerabilities

We are passionate about helping our clients chart a course that brings security and business together.

Identifying a Userland Application’s Attack Surface on Windows

Upcoming Event

Security Vulnerabilities

VerSprite’s Security Research Consultant & VS-Labs Research Leader, Robert Hawes, will be presenting at the Wild West Hackin’ Fest. Robert’s presentation will cover how to perform attack surface enumeration concerning windows userland applications.

Learn more

Utilizing Reverse Proxies to Inject Malicious Code & Extract Sensitive Information

Video

Exploitation of Vulnerabilities

Utilizing reverse proxies offers a more advanced approach for creating phishing web pages that not only allow the Victim User to fully authenticate to their account through a malicious site, but also how to automate the theft of information within the account.

Learn more

Phishing Attacks Through Cloned Websites

Blog Post

Exploitation of Vulnerabilities

During adversarial attack simulations harvesting credentials through phishing are typically performed through cloned websites. A cloned website works by essentially copying the front-end (such as the Gmail login page) and hosting it on a domain designed to mimic the real domain (gmail.com vs. gmail.com-google.net).

Learn more

Attacking LastPass: Compromising an Entire Password Database

Blog Post

Man-in-The-Middle (MiTM) Attacks

LastPass is a commonly used cloud-based password management solution that stores hundreds of unique and strong passwords, but what if a user’s entire password database is compromised? While a cloud-based solution to password management is very convenient, it isn’t without its own set of dangers.

Learn more

Waves Maxx Audio DLL Side-Loading LPE via Windows Registry

Blog Post

Security Vulnerabilities

When performing vulnerability research, it is essential to make sure that all attack vectors concerning exploitation are exhausted. One avenue of exploitation comes from the Windows registry.

Learn more

Microsoft Windows Remote Code Execution (RCE) Vulnerability: BlueKeep

Blog Post

Windows Security Vulnerabilities

On June 17, 2019 the Department of Homeland Security (DHS) issued an alert for the Microsoft Windows Remote Code Execution (RCE) vulnerability named BlueKeep and CVE-2019-0708.

Learn more

Microsoft Outlook for Android Vulnerable to Cross-Site Scripting

Blog Post

Security Vulnerabilities

Microsoft published an advisory on a critical vulnerability found in the Microsoft Outlook Android application. The attack happens when an email is sent to the victim with an embedded hidden code.

Learn more

Mozilla Firefox Patches Multiple Zero Days

Blog Post

Windows Security Vulnerabilities

Mozilla Firefox has patched multiple zero days that could lead to arbitrary code being executed remotely. The first vulnerability that was patched was a Universal Cross-site Scripting (UXSS) attack and worked on any Windows, MacOS and Linux device.

Learn more

OH The POSsibilities: Point of Sale System Security

Blog Post

Point-of-Sale Security

Any time you swipe a card to make a purchase or utilize a self-checkout kiosk, a Point-Of-Sale system is responsible for handling the intricacies of your transaction in the background.

Learn more

We are an international squad of professionals working as one.

Email

[email protected]

logos