EXODUS BLOG

Exodus Intel VRT

Pwn2Own 2019: Microsoft Edge Sandbox Escape (CVE-2019-0938). Part 2

MAY 27, 2019

By Arthur Gerkis This is the second part of the blog post on the Microsoft Edge full-chain exploit. It provides analysis and describes exploitation of a logical vulnerability in the implementation of the Microsoft...

Pwn2Own 2019: Microsoft Edge Renderer Exploitation (CVE-2019-0940). Part 1

MAY 19, 2019

By Arthur Gerkis This year Exodus Intelligence participated in the Pwn2Own competition in Vancouver. The chosen target was the Microsoft Edge browser and a full-chain browser exploit was successfully demonstrated. The exploit consisted of...

Windows Within Windows – Escaping The Chrome Sandbox With a Win32k NDay

MAY 17, 2019

This post explores a recently patched Win32k vulnerability (CVE-2019-0808) that was used in the wild with CVE-2019-5786 to provide a full Google Chrome sandbox escape chain. Overview On March 7th 2019, Google came out...

A window of opportunity: exploiting a Chrome 1day vulnerability

APRIL 3, 2019

This post explores the possibility of developing a working exploit for a vulnerability already patched in the v8 source tree before the fix makes it into a stable Chrome release. Chrome Release Schedule Chrome...

CVE-2019-5786: Analysis & Exploitation of the recently patched Chrome vulnerability

MARCH 20, 2019

This post provides detailed analysis and an exploit achieving remote code execution for the recently fixed Chrome vulnerability that was observed by Google to be exploited in the wild. Patch Analysis The release notes...

Exploiting the Magellan bug on 64-bit Chrome Desktop

JANUARY 22, 2019

Author: Ki Chan Ahn In December 2018, the Tencent Blade Team released an advisory for a bug they named “Magellan”, which affected all applications using sqlite versions prior to 2.5.3. In their public disclosure...

HPE Intelligent Management Center: a case study on the reliability of security fixes

OCTOBER 16, 2018

This post highlights several mistakes in the patches released for vulnerabilities affecting various services of HPE Intelligent Management Center, with a focus on its native binaries. Author: István Kurucsai During our work on N-day...

To ../ or not to ../, that is the question

SEPTEMBER 13, 2018

Contributors: Grant Willcox and Gaurav Baruah Intro During our day-to-day research of N-day vulnerabilities at Exodus, we often come across public advisories containing incorrect root cause analysis of the core vulnerability. This blogpost details...

True Key: the not so uncommon story of a failed patch

SEPTEMBER 10, 2018

In this blog post, we examine the vendor-supplied patch addressing CVE-2018-6661. The vulnerability was initially reported to Intel Security (McAfee) in June 2017 and disclosed publicly in April 2018. Additionally, we contacted McAfee regarding the...

Introduction to Embedded Exploitation

SEPTEMBER 5, 2018

We are pleased to announce the offering of our next training course. This is a 5 day course and will focus on vulnerability research on embedded systems. Instructors David Barksdale – David is Director...

← Previous 1 … 9 10 11 Next →