VS-Labs

Analyzing CVE-2019-1436 on Windows 10 v1903

Security Research

VerSprite's Research team uncovers a silently patched information leak within Win32k on Windows 10 v1709 to v1903. Exploitation of this vulnerability allows attackers to leak the value of win32kbase!gahDpiDepDefaultGuiFonts. Read the N-Day vulnerability and exploit analysis here.

Razer Synapse 3 Security Vulnerability Analysis Report
Security Research

This ungated Vulnerability Analysis Report outline...

Windows Named Pipes Part 4: Taking a Trip Down Static Analysis Lane
Security Research

In the last iteration of our four-part series, Ve...

Part 3: Reversing & Exploiting Custom Windows Named Pipe Servers
Security Research

In part three of this four-part series, VerSprite'...

VerSprite Cyberwatch
Security Research

VerSprite's Threat Intelligence team releases real...

Reversing Stories: Updating the Undocumented ESTROBJ and STROBJ Structures for Windows 10 x64
Security Research

Have you ever come across undocumented Windows str...

Investigating Microsoft Windows Vulnerability CVE-2019-1169
Security Research

VerSprite recently investigated CVE-2019-1169, a N...

Automating CVE-2019-1436 Variant Analysis: An Intro to Detecting Information Leaks via IDAPython
Security Research

After investigating an information leak within Win...

Part II: Analysis of a Vulnerable Microsoft Windows Named Pipe Application
Security Research

In part II of this three-part series, we dive deep...

Part I: The Fundamentals of Windows Named Pipes
Security Research

In this three-part blog series, we will discuss th...

Analyzing CVE-2019-1436 on Windows 10 v1903
Security Research

VerSprite's Research team uncovers silently patche...

Utilizing Reverse Proxies to Inject Malicious Code & Extract Sensitive Information
Application Security, Security Research

Utilizing reverse proxies offers a more advanced a...

Waves Maxx Audio DLL Side-Loading LPE via Windows Registry
Application Security, Security Research

When performing vulnerability research, it is esse...

Digging up the Past: OS X File Versioning
Digital Forensics & Incident Response, Security Research

In this case study of OS X digital forensics, we w...

Exploitation of Remote WCF Vulnerabilities
Security Awareness, Security Research

In this blog, we’ll be discussing the discovery,...

Hacking an Aftermarket Remote Start System
Security Awareness, Security Research

In part two of this series, we’ll dive deeper in...