Exodus Intel VRT

Firmware Updates Made Easy

SEPTEMBER 8, 2016

Contributors: David Barksdale of Exodus Intelligence, Independent Security Researcher Jeremy Brown These are two vulnerabilities that allow a remote unauthenticated attacker to update firmware. If the device is configured with MAC or IP filtering, the...

Read More

VxWorks: Execute My Packets

AUGUST 9, 2016

Contributors David Barksdale and Alex Wheeler 1. Background Earlier this year we reported 3 vulnerabilities in VxWorks to Wind River. Each of these vulnerabilities can be exploited by anonymous remote attackers on the same network without...

Read More

Changing to Coordinated Disclosure

FEBRUARY 18, 2016

UPDATE 5/17/2016: The link for the POC for CVE-2016-1287 is live at https://github.com/exodusintel/disclosures Last week Exodus finished disclosure on CVE-2016-1287 “Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability” officially marking the first time that...

Read More

Execute My Packet

FEBRUARY 10, 2016

Contributors David Barksdale, Jordan Gruskovnjak, and Alex Wheeler 1. Background Cisco has issued a fix to address CVE-2016-1287. The Cisco ASA Adaptive Security Appliance is an IP router that acts as an application-aware firewall,...

Read More

Exodus Adventure CTF 2015

APRIL 27, 2015

This is a walkthrough of the 2015 Exodus Adventure CTF. The CTF takes the form of a text adventure game. Players are provided with an x86 Linux ELF binary of the game and a...

Read More

DoS? Then Who Was Phone?

JANUARY 7, 2013

Introduction This post presents exploitation notes on a vulnerability we discovered in Asterisk, an open source telephony solution produced by Digium. We reported this bug to Digium on November 27th, 2012, and provided it...

Read More