JEA Just-Enough-Administration

Going Back in Time to Abuse Android’s JIT

Video

Android Mobile Security

VerSprite’s Director of Security Research, Ben Watson, takes a deep dive into the Dalvik Virtual Machine’s JIT implementation and how it can be used and abused to execute shellcode.

Read more

Swimming in the Deep End: Taking a Deeper Look at the Use Cases of JEA

Blog Post

Enterprise Data Security

Throughout my testing and implementation of JEA in a private network I was able to discover more reasons why JEA is such an underused but powerful tool.

Read more

Adding and Using JEA in Your Windows Environment

Blog Post

Security Controls

Imagine this scenario: You are a systems engineer. You are tasked with managing user and group access controls. Your company’s two person NOC team has admin rights to perform triage work. Eventually, you discover that your company is compromised and has been for an unknown length of time.

Read more

Experiments with JSON-IO, Serialization, Mass Assignment, and General Java Object Wizardry

Blog Post

Serialization Vulnerabilities

My focus is currently on Java libraries that support the serialization of objects into JSON, and JSON back into objects.

Read more

We are an international squad of professionals working as one.

Email

[email protected]

logos