Home | VerSprite Resources

Exploitation of Vulnerabilities

We are passionate about helping our clients chart a course that brings security and business together.

Part II: Analysis of a Vulnerable Microsoft Windows Named Pipe Application

Blog Post

Microsoft Windows Security Vulnerabilities

In part II of this three-part series, we dive deeper into hands on examples of identifying usage of named pipe servers within applications using a custom vulnerable application. The methods covered to achieve this goal is through usage of both dynamic and static analysis.

Learn more

Part I: The Fundamentals of Windows Named Pipes

Blog Post

Named Pipe Servers

In this three-part blog series, we will discuss the mechanics of Windows pipes and how they can be abused by attackers to gain privileged access.

Learn more

VerSprite Uncovers Silently Patched Information Leak

Blog Post

Exploitation of Vulnerabilities

VerSprite’s Research team uncovers silently patched information leak within Win32k Windows 10 v1709 to v1903. Exploitation of this vulnerability allows attackers to leak the value of win32kbase!gahDpiDepDefaultGuiFonts. Read the N-Day vulnerability and exploit analysis here.

Learn more

Phishing Attacks Through Cloned Websites

Blog Post

Multi-Factor Authentication

During adversarial attack simulations harvesting credentials through phishing are often performed through cloned websites. A cloned website works by copying the front-end (such as the Gmail login page) and hosting it on a domain designed to mimic the real domain.

Learn more

Utilizing Reverse Proxies to Inject Malicious Code & Extract Sensitive Information

Video

Utilizing reverse proxies offers a more advanced approach for creating phishing web pages that not only allow the Victim User to fully authenticate to their account through a malicious site, but also how to automate the theft of information within the account.

Learn more

Attacking LastPass: Compromising an Entire Password Database

Blog Post

Password Management

LastPass is a commonly used cloud-based password management solution that stores hundreds of unique and strong passwords, but what if a user’s entire password database is compromised? While a cloud-based solution to password management is very convenient, it isn’t without its own set of dangers.

Learn more

Waves Maxx Audio DLL Side-Loading LPE via Windows Registry

Blog Post

Exploitation of Vulnerabilities

When performing vulnerability research, it is essential to make sure that all attack vectors concerning exploitation are exhausted. One avenue of exploitation comes from the Windows registry.

Learn more

Microsoft Windows Remote Code Execution (RCE) Vulnerability: BlueKeep

Blog Post

Security Vulnerabilities

On June 17, 2019 the Department of Homeland Security (DHS) issued an alert for the Microsoft Windows Remote Code Execution (RCE) vulnerability named BlueKeep and CVE-2019-0708.

Learn more

Microsoft Outlook for Android Vulnerable to Cross-Site Scripting

Blog Post

Security Vulnerabilities

Microsoft published an advisory on a critical vulnerability found in the Microsoft Outlook Android application. The attack happens when an email is sent to the victim with an embedded hidden code.

Learn more

We are an international squad of professionals working as one.

Email

[email protected]

logos