Home | VerSprite Resources

Security Vulnerabilities

We are passionate about helping our clients chart a course that brings security and business together.

Razer-Synapse-3-by-zany-jadraque

Advisory

Microsoft Windows Vulnerabilities

Razer Synapse 3

Razer Synapse 3’s incorrect permissions assignment vulnerability is allows for Denial of Service (DoS) attacks. This CVE-2021-30494 affects version 3.5.1030.101917.

Learn more

Blog Post

Security Vulnerabilities

Windows Named Pipes Part 4: Taking a Trip Down Static Analysis Lane

In the last iteration of our four-part series, VerSprite’s security researchers examine real-world examples of reversing and exploiting Windows named pipe servers within applications using a custom vulnerable application. The methods covered to achieve this goal is through static analysis.

Learn more

Blog Post

Winstars Router Backdoor

Ematic, Wavlink, Winstars, and Jetstream Wi-Fi Routers Have Hidden Backdoor

A web-accessible backdoor was found in affordable Wi-Fi routers sold at Walmart, eBay, and Amazon. In this article, VerSprite experts explore the backdoor vulnerability investigation and provide mitigation solutions.

Learn more

How-to-Reverse-and-Exploit-Windows-Named-Pipe-Servers---VerSprite

Blog Post

Named Pipe Servers

Part 3: Reversing & Exploiting Custom Windows Named Pipe Servers

In part three of this four-part series, VerSprite’s security researchers examine real-world examples of reversing and exploiting Windows named pipe servers within applications using a custom vulnerable application. The methods covered to achieve this goal is through using both dynamic analysis and static analysis.

Learn more

Blog Post

VerSprite Cyberwatch

VerSprite’s Threat Intelligence team releases real-time updates on cybersecurity issues that could disrupt your organization. Get the critical insights you need quickly so you can remediate before there is a disruption.

Learn more

Blog Post

Reverse Engineering

What is Responsible Disclosure?

What is responsible disclosure? In this article, VerSprite will outline a typical process for zero-day vulnerability reporting, the ethics behind hacking, and provide real-world examples of our responsible disclosures.

Learn more

security awareness

Blog Post

PASTA Threat Modeling

Penetration Testing Methodology: Emulating Realistic Attacks by a Malicious Actor

The foundation of VerSprite’s penetration testing service is based on emulating realistic attacks by a malicious actor through the use of PASTA (Process for Attack Simulation and Threat Analysis).

Learn more

Reverse engineering undocumented structures,undocumented structures, ESTROBJ Windows 10 x64, STROBJ Windows 10 x64, STROBJ, ESTROBJ, _ESTROBJ, _STROBJ, STROBJ Windows 10, ESTROBJ Windows 10

Blog Post

Reverse Engineering

Reversing Stories: Updating the Undocumented ESTROBJ and STROBJ Structures for Windows 10 x64

Have you ever come across undocumented Windows structures that need to be reverse-engineered in order to perform a vulnerability analysis? In this post, we will demonstrate how to update these using IDA Pro and HexRays Decompiler for the ESTROBJ and STROBJ structures on Windows 10 x64.

Learn more

reverse-engineer

Blog Post

Exploitation of Vulnerabilities

Automating CVE-2019-1436 Variant Analysis: An Intro to Detecting Information Leaks via IDAPython

After investigating an information leak within Windows 10 in more detail, we decided to see how feasible it would be for an attacker to create an IDAPython script that could discover CVE-2019-1436 and other similar memory leaks automatically.

Learn more

We are an international squad of professionals working as one.

Email

[email protected]

logos