By Arthur Gerkis This year Exodus Intelligence participated in the Pwn2Own competition in Vancouver. The chosen target was the Microsoft Edge browser and a full-chain
This post explores a recently patched Win32k vulnerability (CVE-2019-0808) that was used in the wild with CVE-2019-5786 to provide a full Google Chrome sandbox escape
This post explores the possibility of developing a working exploit for a vulnerability already patched in the v8 source tree before the fix makes it
This post provides detailed analysis and an exploit achieving remote code execution for the recently fixed Chrome vulnerability that was observed by Google to be
This post highlights several mistakes in the patches released for vulnerabilities affecting various services of HPE Intelligent Management Center, with a focus on its native
Contributors: Grant Willcox and Gaurav Baruah Intro During our day-to-day research of N-day vulnerabilities at Exodus, we often come across public advisories containing incorrect root
In this blog post, we examine the vendor-supplied patch addressing CVE-2018-6661. The vulnerability was initially reported to Intel Security (McAfee) in June 2017 and disclosed publicly
Author: Nitay Artenstein Introduction Fully remote exploits that allow for compromise of a target without any user interaction have become something of a myth in
Contributors: David Barksdale of Exodus Intelligence, Independent Security Researcher Jeremy Brown These are two vulnerabilities that allow a remote unauthenticated attacker to update firmware. If the
Contributors David Barksdale and Alex Wheeler 1. Background Earlier this year we reported 3 vulnerabilities in VxWorks to Wind River. Each of these vulnerabilities can be exploited