Forwarded from r0 Crew (Channel) (Bear0)
CVE-2018-5002 - Adobe Flash Zero-Day Leveraged for Targeted Attack in Middle East
https://www.icebrg.io/blog/adobe-flash-zero-day-targeted-attack
CVE-2018-5002 – Analysis of the Second Wave of Flash Zero-day Exploit in 2018
https://blogs.360.cn/blog/cve-2018-5002-en/
Sample for Flash 0 Day - CVE-2018-5002
1. XLSX file with ActiveX Control to download 1st stage SWF
2. 1st stage SWF downloads 2nd stage AES encrypted SWF
3. 1st stage SWF decrypts and loads the 2nd stage SWF (0 day)
https://www.virustotal.com/#/file/0b4f0d8d57fd1cb9b4408013aa7fe5986339ce66ad09c941e76626b5d872e0b5/details
Decrypted SWF for CVE-2018-5002, the full hash is:
f63a51e78116bebfa1780736d343c9eb
#expdev #flash #darw1n
Forwarded from r0 Crew (Channel)
MS Edge RCE (CVE-2018-8495). Chaining a few bugs in Edge to be able to achieve remote code execution by mainly abusing custom URI schemes.
Article:
https://leucosite.com/Microsoft-Edge-RCE/
POC:
https://github.com/kmkz/exploit/blob/master/CVE-2018-8495.html
#browser #edge #rce #expdev #darw1n
Leucosite
Edge RCE
(CVE-2018-8495) Chaining small bugs together to achieve RCE
Forwarded from r0 Crew (Channel)
This post will explain the process of finding and exploiting a previously unknown vulnerability in a real-world piece of software to achieve code execution. The vulnerability was initially found in 2016 and the vendor was contacted however no response was ever received. Now several years later (March 2019 at time of writing), the vulnerability still exists in the latest version.
https://medium.com/@DanielC7/introduction-to-file-format-fuzzing-exploitation-922143ab2ab3
#re #fuzzing #expdev
Medium
Introduction to File Format Fuzzing & Exploitation
This post will explain the process of finding and exploiting a previously unknown vulnerability in a real-world piece of software to…
Forwarded from r0 Crew (Channel)
Windows Kernel Logic Bug Class: Access Mode Mismatch in IO Manager
Article: https://googleprojectzero.blogspot.com/2019/03/windows-kernel-logic-bug-class-access.html
Another: https://blogs.technet.microsoft.com/srd/2019/03/14/local-privilege-escalation-via-the-windows-i-o-manager-a-variant-finding-collaboration/
#re #expdev #lpe #darw1n
Blogspot
Windows Kernel Logic Bug Class: Access Mode Mismatch in IO Manager
Posted by James Forshaw, Project Zero This blog post is an in-depth look at an interesting logic bug class in the Windows Kernel and wh...
Forwarded from r0 Crew (Channel)
Chrome 1-day RCE PoC (Array.prototype.map)
https://blog.exodusintel.com/2019/04/03/a-window-of-opportunity/
#re #expdev #rce #1day #browser #darw1n
Exodus Intelligence
A window of opportunity: exploiting a Chrome 1day vulnerability
This post explores the possibility of developing a working exploit for a vulnerability already patched in the v8 source tree before the fix makes it into a stable Chrome release.