Exodus is excited to formally announce a strategic partnership with Kenna Security, a pioneer and leader in vulnerability management and risk assessment. The Kenna platform provides enterprises with a powerful view into their vulnerability profile, collected from vulnerability scanning tools, such as Qualys and Rapid7, and is further augmented by intelligence feeds.
Exodus announces new acquisition program for both Zero-Day and N-Day vulnerabilities
Exodus Intelligence has unveiled the new Research Sponsorship Program (RSP), focused on acquiring vulnerability research and exploits from the global cybersecurity research community. While continuing to acquire Zero-Day research, the RSP is the first widely available acquisition program to offer bounties for exploits that exercise N-Day vulnerabilities.
EXODUS INTELLIGENCE JUNE 2016 NEWSLETTER
What happened at Exodus Intelligence in the month of June? It’s all here, in the Exodus Intelligence June 2016 newsletter!
Don’t wait for a patch
Waiting for a patch can cost you the business. When advanced threat actors are aware of an unpatched vulnerability and you are not, actors have free rein of your resources. Don’t wait for a patch. At Exodus Intelligence, we scour through common applications used in the enterprise. We find zero-day vulnerabilities so you can detect and stop the most advanced threats before you need to patch.
Exodus Intelligence 2016 Training Course
Vulnerability Development Master Class
Since our inception, Exodus Intelligence has provided training courses on a variety of advanced subjects which have consistently been filled with students from around the world. Over the last few years, we’ve hosted Master Classes in the USA, Asia, and Europe–both publicly and privately (by request).
Once again, our flagship course–the Vulnerability Development Master Class–returns with new content, taught by recognized experts. Known as some of the best in the industry, Exodus instructors are armed with real-world experience, as well as multiple Pwn2Own victories and PWNIE awards.
Bypassing Microsoft’s Internet Explorer 0day “Fix It” Patch for CVE-2012-4792
Update: After we reported our bypasses to Microsoft, they released the MS13-008 bulletin to patch CVE-2012-4792 officially.
After posting our analysis of the current 0day in Internet Explorer which was used in a “watering hole” style attack hosted on the Council for Foreign Relations website, we decided to take a look at the Fix It patch made available by Microsoft to address the vulnerability. After less than a day of reverse engineering, we found that we were able to bypass the fix and compromise a fully-patched system with a variation of the exploit we developed earlier this week.
We have included details on the bypass to customers of our intelligence feeds and will notify Microsoft of the issue. In keeping with coordinated vulnerability disclosure, we intend to update this post with details when Microsoft has addressed the problematic patch.
For more information, keep an eye on this post or contact us to inquire about our offerings.