Exploiting the Magellan bug on 64-bit Chrome Desktop
January 22, 2019
Author: Ki Chan Ahn In December 2018, the Tencent Blade Team released an advisory for a bug they named “Magellan”, which affected all applications using
HPE Intelligent Management Center: a case study on the reliability of security fixes
October 16, 2018
This post highlights several mistakes in the patches released for vulnerabilities affecting various services of HPE Intelligent Management Center, with a focus on its native
To ../ or not to ../, that is the question
September 13, 2018
Contributors: Grant Willcox and Gaurav Baruah Intro During our day-to-day research of N-day vulnerabilities at Exodus, we often come across public advisories containing incorrect root
True Key: the not so uncommon story of a failed patch
September 10, 2018
In this blog post, we examine the vendor-supplied patch addressing CVE-2018-6661. The vulnerability was initially reported to Intel Security (McAfee) in June 2017 and disclosed publicly
Broadpwn: Remotely Compromising Android and iOS via a Bug in Broadcom’s Wi-Fi Chipsets
July 26, 2017
Author: Nitay Artenstein Introduction Fully remote exploits that allow for compromise of a target without any user interaction have become something of a myth in
Firmware Updates Made Easy
September 8, 2016
Contributors: David Barksdale of Exodus Intelligence, Independent Security Researcher Jeremy Brown These are two vulnerabilities that allow a remote unauthenticated attacker to update firmware. If the
VxWorks: Execute My Packets
August 9, 2016
Contributors David Barksdale and Alex Wheeler 1. Background Earlier this year we reported 3 vulnerabilities in VxWorks to Wind River. Each of these vulnerabilities can be exploited
Exodus Intelligence 2016 Training Course
May 18, 2016
Vulnerability Development Master Class Since our inception, Exodus Intelligence has provided training courses on a variety of advanced subjects which have consistently been filled with students from
Execute My Packet
February 10, 2016
Contributors David Barksdale, Jordan Gruskovnjak, and Alex Wheeler 1. Background Cisco has issued a fix to address CVE-2016-1287. The Cisco ASA Adaptive Security Appliance is
Stagefright: Mission Accomplished?
August 13, 2015
Update (2015-08-13 1:16pm CST): We’ve been in contact with Zimperium and are working with them to provide coverage for detection of this flaw through their