Home | VerSprite Resources
View VerSprite's Compliance Advisory Services →
Download Service Listings
Exploit Development
What is responsible disclosure? In this article, VerSprite will outline a typical process for zero-day vulnerability reporting, the ethics behind hacking, and provide real-world examples of our responsible disclosures.
Learn more
Versprite
Exploitation of Vulnerabilities
Have you ever come across undocumented Windows structures that need to be reverse-engineered in order to perform a vulnerability analysis? In this post, we will demonstrate how to update these using IDA Pro and HexRays Decompiler for the ESTROBJ and STROBJ structures on Windows 10 x64.
Grant Willcox
Microsoft Windows Vulnerabilities
VerSprite recently investigated CVE-2019-1169, a NULL pointer dereference vulnerability in win32k.sys that Microsoft fixed in the August 2019 patch update. This led to the creation of a working exploit which can successfully leak data from arbitrary kernel addresses on affected Windows 7 machines.
After investigating an information leak within Windows 10 in more detail, we decided to see how feasible it would be for an attacker to create an IDAPython script that could discover CVE-2019-1436 and other similar memory leaks automatically.
In part II of this three-part series, we dive deeper into hands on examples of identifying usage of named pipe servers within applications using a custom vulnerable application. The methods covered to achieve this goal is through usage of both dynamic and static analysis.
Robert Hawes
In this three-part blog series, we will discuss the mechanics of Windows pipes and how they can be abused by attackers to gain privileged access.
VerSprite’s Research team uncovers silently patched information leak within Win32k Windows 10 v1709 to v1903. Exploitation of this vulnerability allows attackers to leak the value of win32kbase!gahDpiDepDefaultGuiFonts. Read the N-Day vulnerability and exploit analysis here.
win32kbase!gahDpiDepDefaultGuiFonts
Attack Surface
Utilizing reverse proxies offers a more advanced approach for creating phishing web pages that not only allow the Victim User to fully authenticate to their account through a malicious site, but also how to automate the theft of information within the account.
James Sibley
Password Management
LastPass is a commonly used cloud-based password management solution that stores hundreds of unique and strong passwords, but what if a user’s entire password database is compromised? While a cloud-based solution to password management is very convenient, it isn’t without its own set of dangers.
Back to Resources
We are an international squad of professionals working as one.
Email
Phone
