Windows Vulnerabilities

Waves Maxx Audio DLL Side-Loading LPE via Windows Registry

Blog Post

Security Vulnerabilities

When performing vulnerability research, it is essential to make sure that all attack vectors concerning exploitation are exhausted. One avenue of exploitation comes from the Windows registry.

Read more

Microsoft Windows Remote Code Execution (RCE) Vulnerability: BlueKeep

Blog Post

Windows Vulnerabilities

On June 17, 2019 the Department of Homeland Security (DHS) issued an alert for the Microsoft Windows Remote Code Execution (RCE) vulnerability named BlueKeep and CVE-2019-0708.

Read more

Securing Microsoft Azure Environment

Blog Post

Web App Security

Given the noticeable upward trend in Azure adoption, let’s explore more about Azure security, compliance, and its other rich capabilities. In this post we’ll just touch on big picture and what is important to securing your Azure environment.

Read more

Exploitation of Remote WCF Vulnerabilities

Blog Post

Windows Vulnerabilities

In this blog, we’ll be discussing the discovery, analysis, and exploitation of CVE-2019-8917 which is a remotely exploitable WCF vulnerability that we discovered in SolarWinds Orion NPM 12.3.

Read more

MiTM Attack Between Target Windows Machines and a DNS Server

Blog Post

Backdoor Attack

When performing this attack, we will find two different scenarios. #1: the attacker machine, the victim, and the DNS server are all in the same network segment. #2: the attacker machine is in the same network segment of the Windows victims and the DNS server is placed in another network segment.

Read more

Windows Userland Application Attack Surface Enumeration

Blog Post

Exploitation of Vulnerabilities

Inside the domain of vulnerability research, many different methodologies exist for how a researcher may start their journey with auditing an application. This blog provides information on how to enumerate the attack surface of userland applications that are deployed on the Windows operating system.

Read more

Abusing Insecure Windows Communication Foundation (WCF) Endpoints

Presentation

Exploitation of Vulnerabilities

A trend that the VerSprite Research team noticed in .NET services is the exposure of dangerous methods through insecure WCF endpoints. Download this presentation for a high-level overview of the WCF terminals and receive a practical analysis.

Read more

Abusing Insecure Windows Communication Foundation (WCF) Endpoints

Blog Post

Exploitation of Vulnerabilities

During an audit of several Windows VPN services, we identified several WCF endpoints that offered direct control of command line parameters used in the creation of an elevated process. This allowed for local privilege escalation to the SYSTEM user.

Read more

[Video] Abusing Insecure WCF Endpoints

Video

Windows Vulnerabilities

Watch the video of VerSprite’s Security Research presentation at Ekoparty 2018 on Abusing Insecure WCF Endpoints. A trend that the VerSprite Research team noticed in .NET services is the exposure of dangerous methods through insecure WCF endpoints. Most of these services are started automatically as LocalSystem, which is the highest user privilege level available.

Read more

We are an international squad of professionals working as one.

Email

[email protected]

logos