Tag: Windows

Windows Userland Application Attack Surface Enumeration

Blog Post

Inside the domain of vulnerability research, many different methodologies exist for how a researcher may start their journey with auditing an application. This blog provides information on how to enumerate the attack surface of userland applications that are deployed on the Windows operating system.

Read more

Ekoparty Security: Abusing Insecure WCF Endpoints

Blog Post

A trend that the VerSprite Research team noticed in .NET services is the exposure of dangerous methods through insecure WCF endpoints. Download this presentation for a high-level overview of the WCF terminals and receive a practical analysis.

Read more

Abusing Insecure WCF Endpoints

Blog Post

During an audit of several Windows VPN services, we identified several WCF endpoints that offered direct control of command line parameters used in the creation of an elevated process. This allowed for local privilege escalation to the SYSTEM user.

Read more

[Video] Abusing Insecure WCF Endpoints

Video

Watch the video of VerSprite’s Security Research presentation at Ekoparty 2018 on Abusing Insecure WCF Endpoints.

Read more

We are an international squad of professionals working as one.

Email

[email protected]

logos