Home | VerSprite Resources
View VerSprite's Compliance Advisory Services →
Download Service Listings
Microsoft Windows Vulnerabilities
What is responsible disclosure? In this article, VerSprite will outline a typical process for zero-day vulnerability reporting, the ethics behind hacking, and provide real-world examples of our responsible disclosures.
Learn more
VerSprite
N-Day Vulnerabilities and Exploits
Have you ever come across undocumented Windows structures that need to be reverse-engineered in order to perform a vulnerability analysis? In this post, we will demonstrate how to update these using IDA Pro and HexRays Decompiler for the ESTROBJ and STROBJ structures on Windows 10 x64.
Grant Willcox
VerSprite recently investigated CVE-2019-1169, a NULL pointer dereference vulnerability in win32k.sys that Microsoft fixed in the August 2019 patch update. This led to the creation of a working exploit which can successfully leak data from arbitrary kernel addresses on affected Windows 7 machines.
Exploitation of Vulnerabilities
After investigating an information leak within Windows 10 in more detail, we decided to see how feasible it would be for an attacker to create an IDAPython script that could discover CVE-2019-1436 and other similar memory leaks automatically.
Android Vulnerabilities and Exploits
In part two of this series, we’ll dive deeper into the technical specifications of the CarLinkBT module. We’ll also discuss the dynamic analysis and testing performed to confirm our findings. Finally, we’ll walk through the process of developing an exploit for this vulnerability.
Fabius Watson
Remote Attack
The trend of automotive security research began in the 2010s and has resulted in the discovery of several critical security issues within modern vehicles. Hackers have repeatedly demonstrated their ability to remotely track, steal, and control a variety of unaltered vehicles.
Exploit Development
In this blog, we’ll dive into the process of finding the advised vulnerability and writing a simple exploit for VyprVPN for MacOS.
In part two of the series we are going to explore and leverage Frida’s new Arm64Writer API to build an in-memory reverse TCP shell.
In this blog series we will be covering the endless possibilities and power of Frida. For those of you who have never heard of Frida…
Back to Resources
We are an international squad of professionals working as one.
Email
Phone
