Boris Larin – Page 2 – WindowsTechs.com

GReAT thoughts: Awesome IDA Pro plugins

Posted on July 21, 2020 by Boris Larin

In the second ‘GReAT Ideas. Powered by SAS’ webinar, I’ll be talking about awesome IDA Pro plugins that I regularly use. This article is a sneak peek into what I’ll be discussing. Continue reading GReAT thoughts: Awesome IDA Pro plugins→

Magnitude exploit kit – evolution

Posted on June 24, 2020 by Boris Larin

Exploit kits still play a role in today’s threat landscape and continue to evolve. For this blogpost I studied and analyzed the evolution of one of the most sophisticated exploit kits out there – Magnitude EK – for a whole year. Continue reading Magnitude exploit kit – evolution→

The zero-day exploits of Operation WizardOpium

Posted on May 28, 2020 by Boris Larin

Back in October 2019 we detected a classic watering-hole attack that exploited a chain of Google Chrome and Microsoft Windows zero-days. In this blog post we’d like to take a deep technical dive into the attack. Continue reading The zero-day exploits of Operation WizardOpium→

Hacking microcontroller firmware through a USB

Posted on March 21, 2019 by Boris Larin

I have given a step-by-step guide on the analysis of embedded firmware, finding vulnerabilities and exploiting them to acquire a firmware dump and to carry out code execution on a USB device. Continue reading Hacking microcontroller firmware through a USB→

Zero-day in Windows Kernel Transaction Manager (CVE-2018-8611)

Posted on December 12, 2018 by Boris Larin

In October 2018, our AEP systems detected an attempt to exploit a vulnerability in the Microsoft Windows. Further analysis led us to uncover a zero-day vulnerability in ntoskrnl.exe. Continue reading Zero-day in Windows Kernel Transaction Manager (CVE-2018-8611)→

A new exploit for zero-day vulnerability CVE-2018-8589

Posted on November 14, 2018 by Boris Larin

Yesterday, Microsoft published its security bulletin, which patches a vulnerability discovered by our technologies. We reported it to Microsoft on October 17, 2018. The company confirmed the vulnerability and assigned it CVE-2018-8589. Continue reading A new exploit for zero-day vulnerability CVE-2018-8589→

Delving deep into VBScript

Posted on July 3, 2018 by Boris Larin

In late April we found and wrote a description of CVE-2018-8174, a new zero-day vulnerability for Internet Explorer that uses a well-known technique from the PoC exploit CVE-2014-6332. But whereas CVE-2014-6332 was aimed at integer overflow exploitation for writing to arbitrary memory locations, my interest lay in how this technique was adapted to exploit the use-after-free vulnerability. Continue reading Delving deep into VBScript→

Disappearing bytes: Reverse engineering the MS Office RTF parser

Posted on February 21, 2018 by Boris Larin

In 2017, we encountered lots of samples that were ‘exploiting’ the implementation of Microsoft Word’s RTF parser to confuse all other third-party RTF parsers, including those used in anti-malware software. Continue reading Disappearing bytes: Reverse engineering the MS Office RTF parser→

Analyzing an exploit for СVE-2017-11826

Posted on October 26, 2017 by Boris Larin

The latest Patch Tuesday (17 October) brought patches for 62 vulnerabilities, including one that fixed СVE-2017-11826 – a critical zero-day vulnerability used to launch targeted attacks – in all versions of Microsoft Office. The exploit for this vulnerability is an RTF document containing a DOCX document that exploits СVE-2017-11826 in the Office Open XML parser. Continue reading Analyzing an exploit for СVE-2017-11826→