Home | VerSprite Resources
View VerSprite's Compliance Advisory Services →
Download Service Listings
Microsoft Windows Security Vulnerabilities
In part II of this three-part series, we dive deeper into hands on examples of identifying usage of named pipe servers within applications using a custom vulnerable application. The methods covered to achieve this goal is through usage of both dynamic and static analysis.
Learn more
Robert Hawes
Named Pipe Servers
In this three-part blog series, we will discuss the mechanics of Windows pipes and how they can be abused by attackers to gain privileged access.
N-Day Vulnerabilities and Exploits
VerSprite’s Research team uncovers silently patched information leak within Win32k Windows 10 v1709 to v1903. Exploitation of this vulnerability allows attackers to leak the value of win32kbase!gahDpiDepDefaultGuiFonts. Read the N-Day vulnerability and exploit analysis here.
win32kbase!gahDpiDepDefaultGuiFonts
Grant Willcox
Security Vulnerabilities
Even if your organization is running a backend web service that doesn’t support HTTPS, there are still options to use HTTPS, such as using Let’s Encrypt and Nginx. Transport Layer Security (TLS) is very important (even if you are behind a firewall and have IP whitelisting) to protect your website from malicious code injections.
Mark Rood
Google Cloud Platform
Cloud Security Scanner checks for security vulnerabilities in your App Engine and Compute Engine web applications. It is designed to complement your existing secure design and development processes.
Esteban Mendoza
Google Security
In our three-part series Cloud Armor works as a multi-layer firewall for your GCP resources. To configure it, you must use Security Policies which are basically rules that allow or deny traffic from an IP or an IP range.
Phishing Attacks
LastPass is a commonly used cloud-based password management solution that stores hundreds of unique and strong passwords, but what if a user’s entire password database is compromised? While a cloud-based solution to password management is very convenient, it isn’t without its own set of dangers.
James Sibley
Given the noticeable upward trend in Azure adoption, let’s explore more about Azure security, compliance, and its other rich capabilities. In this post we’ll just touch on big picture and what is important to securing your Azure environment.
Greg Mosher
When performing vulnerability research, it is essential to make sure that all attack vectors concerning exploitation are exhausted. One avenue of exploitation comes from the Windows registry.
Back to Resources
We are an international squad of professionals working as one.
Email
Phone