Exploit Techniques

Patch-gapping Google Chrome

SEPTEMBER 9, 2019

Patch-gapping is the practice of exploiting vulnerabilities in open-source software that are already fixed (or are in the process of being fixed) by the developers before the actual patch is shipped to users. This...

Read More

Pwn2Own 2019: Microsoft Edge Sandbox Escape (CVE-2019-0938). Part 2

MAY 27, 2019

By Arthur Gerkis This is the second part of the blog post on the Microsoft Edge full-chain exploit. It provides analysis and describes exploitation of a logical vulnerability in the implementation of the Microsoft...

Read More

Pwn2Own 2019: Microsoft Edge Renderer Exploitation (CVE-2019-0940). Part 1

MAY 19, 2019

By Arthur Gerkis This year Exodus Intelligence participated in the Pwn2Own competition in Vancouver. The chosen target was the Microsoft Edge browser and a full-chain browser exploit was successfully demonstrated. The exploit consisted of...

Read More

Exploiting the Magellan bug on 64-bit Chrome Desktop

JANUARY 22, 2019

Author: Ki Chan Ahn In December 2018, the Tencent Blade Team released an advisory for a bug they named “Magellan”, which affected all applications using sqlite versions prior to 2.5.3. In their public disclosure...

Read More

HPE Intelligent Management Center: a case study on the reliability of security fixes

OCTOBER 16, 2018

This post highlights several mistakes in the patches released for vulnerabilities affecting various services of HPE Intelligent Management Center, with a focus on its native binaries. Author: István Kurucsai During our work on N-day...

Read More

To ../ or not to ../, that is the question

SEPTEMBER 13, 2018

Contributors: Grant Willcox and Gaurav Baruah Intro During our day-to-day research of N-day vulnerabilities at Exodus, we often come across public advisories containing incorrect root cause analysis of the core vulnerability. This blogpost details...

Read More

True Key: the not so uncommon story of a failed patch

SEPTEMBER 10, 2018

In this blog post, we examine the vendor-supplied patch addressing CVE-2018-6661.  The vulnerability was initially reported to Intel Security (McAfee) in June 2017 and disclosed publicly in April 2018.  Additionally, we contacted McAfee regarding the...

Read More

Broadpwn: Remotely Compromising Android and iOS via a Bug in Broadcom’s Wi-Fi Chipsets

JULY 26, 2017

Author: Nitay Artenstein Introduction Fully remote exploits that allow for compromise of a target without any user interaction have become something of a myth in recent years. While some are occasionally still found against...

Read More

Firmware Updates Made Easy

SEPTEMBER 8, 2016

Contributors: David Barksdale of Exodus Intelligence, Independent Security Researcher Jeremy Brown These are two vulnerabilities that allow a remote unauthenticated attacker to update firmware. If the device is configured with MAC or IP filtering, the...

Read More

VxWorks: Execute My Packets

AUGUST 9, 2016

Contributors David Barksdale and Alex Wheeler 1. Background Earlier this year we reported 3 vulnerabilities in VxWorks to Wind River. Each of these vulnerabilities can be exploited by anonymous remote attackers on the same network without...

Read More