Home | VerSprite Resources
View VerSprite's Compliance Advisory Services →
Download Service Listings
Ematic Wavlink Winstar Jetstream Router Security Backdoor
A web-accessible backdoor was found in affordable Wi-Fi routers sold at Walmart, eBay, and Amazon. In this article, VerSprite experts explore the backdoor vulnerability investigation and provide mitigation solutions.
Learn more
Peter Vogelberger
Exploitation of Vulnerabilities
In part three of this four-part series, VerSprite’s security researchers examine real-world examples of reversing and exploiting Windows named pipe servers within applications using a custom vulnerable application. The methods covered to achieve this goal is through using both dynamic analysis and static analysis.
Versprite
Security Vulnerabilities
VerSprite’s Threat Intelligence team releases real-time updates on cybersecurity issues that could disrupt your organization. Get the critical insights you need quickly so you can remediate before there is a disruption.
Microsoft Windows Vulnerabilities
What is responsible disclosure? In this article, VerSprite will outline a typical process for zero-day vulnerability reporting, the ethics behind hacking, and provide real-world examples of our responsible disclosures.
Cyberwarfare
The foundation of VerSprite’s penetration testing service is based on emulating realistic attacks by a malicious actor through the use of PASTA (Process for Attack Simulation and Threat Analysis).
Joaquin Paredes
N-Day Vulnerabilities and Exploits
Have you ever come across undocumented Windows structures that need to be reverse-engineered in order to perform a vulnerability analysis? In this post, we will demonstrate how to update these using IDA Pro and HexRays Decompiler for the ESTROBJ and STROBJ structures on Windows 10 x64.
Grant Willcox
Reverse Engineering
After investigating an information leak within Windows 10 in more detail, we decided to see how feasible it would be for an attacker to create an IDAPython script that could discover CVE-2019-1436 and other similar memory leaks automatically.
In part II of this three-part series, we dive deeper into hands on examples of identifying usage of named pipe servers within applications using a custom vulnerable application. The methods covered to achieve this goal is through usage of both dynamic and static analysis.
Robert Hawes
Named Pipe Servers
In this three-part blog series, we will discuss the mechanics of Windows pipes and how they can be abused by attackers to gain privileged access.
Back to Resources
We are an international squad of professionals working as one.
Email
Phone