Home | VerSprite Resources

Exploitation of Vulnerabilities

We are passionate about helping our clients chart a course that brings security and business together.

NETGEAR Nighthawk WiFi Router Vulnerability Bug | VerSprite Security Research

Blog Post

VerSprite Security Researchers

VerSprite Finds Vulnerability in NETGEAR Nighthawk WiFi Router

VerSprite’s Security Research team found a high-risk vulnerability in NETGEAR’s popular gaming router. This vulnerability analysis details more on the risk level, disclosure timeline, the ZEBRA daemon vulnerability, and patch information.

Learn more

Opto 22 PAC Factory Software Security concern | VerSprite Cyber Security

Blog Post

Opto 22 PAC security vulnerability

Unpatched Security Vulnerability in OPTO 22 PAC Basic Software

This ungated Vulnerability Analysis Report outlines the vulnerabilities found by VerSprite’s security research team within Razer’s Synapse 3 software suite, including risk level, disclosure timeline, and remediation information. The vulnerabilities covered are CVE-2021-30493 and CVE-2021-30494.

Learn more

Razer-Synapse-3-Security-Vulnerability-Analysis-2

Blog Post

Razer Synapse 3 Security Vulnerability Analysis Report

This ungated Vulnerability Analysis Report outlines the vulnerabilities found by VerSprite’s security research team within Razer’s Synapse 3 software suite, including risk level, disclosure timeline, and remediation information. The vulnerabilities covered are CVE-2021-30493 and CVE-2021-30494.

Learn more

Blog Post

Windows Interprocess Communications (IPC)

Windows Named Pipes Part 4: Taking a Trip Down Static Analysis Lane

In the last iteration of our four-part series, VerSprite’s security researchers examine real-world examples of reversing and exploiting Windows named pipe servers within applications using a custom vulnerable application. The methods covered to achieve this goal is through static analysis.

Learn more

Blog Post

Ematic Wavlink Winstar Jetstream Router Security Backdoor

Ematic, Wavlink, Winstars, and Jetstream Wi-Fi Routers Have Hidden Backdoor

A web-accessible backdoor was found in affordable Wi-Fi routers sold at Walmart, eBay, and Amazon. In this article, VerSprite experts explore the backdoor vulnerability investigation and provide mitigation solutions.

Learn more

How-to-Reverse-and-Exploit-Windows-Named-Pipe-Servers---VerSprite

Blog Post

reversing windows named pipe servers

Part 3: Reversing & Exploiting Custom Windows Named Pipe Servers

In part three of this four-part series, VerSprite’s security researchers examine real-world examples of reversing and exploiting Windows named pipe servers within applications using a custom vulnerable application. The methods covered to achieve this goal is through using both dynamic analysis and static analysis.

Learn more

Blog Post

What is Responsible Disclosure?

What is responsible disclosure? In this article, VerSprite will outline a typical process for zero-day vulnerability reporting, the ethics behind hacking, and provide real-world examples of our responsible disclosures.

Learn more

Reverse engineering undocumented structures,undocumented structures, ESTROBJ Windows 10 x64, STROBJ Windows 10 x64, STROBJ, ESTROBJ, _ESTROBJ, _STROBJ, STROBJ Windows 10, ESTROBJ Windows 10

Blog Post

Reverse Engineering

Reversing Stories: Updating the Undocumented ESTROBJ and STROBJ Structures for Windows 10 x64

Have you ever come across undocumented Windows structures that need to be reverse-engineered in order to perform a vulnerability analysis? In this post, we will demonstrate how to update these using IDA Pro and HexRays Decompiler for the ESTROBJ and STROBJ structures on Windows 10 x64.

Learn more

windows-vulnerability-windows-kernel

Blog Post

Exploitation of Vulnerabilities

Investigating Microsoft Windows Vulnerability CVE-2019-1169

VerSprite recently investigated CVE-2019-1169, a NULL pointer dereference vulnerability in win32k.sys that Microsoft fixed in the August 2019 patch update. This led to the creation of a working exploit which can successfully leak data from arbitrary kernel addresses on affected Windows 7 machines.

Learn more

We are an international squad of professionals working as one.

Email

[email protected]

logos