Craig Young – Page 2 – WindowsTechs.com

Ghidra 101: Slice Highlighting

Posted on January 7, 2021 by Craig Young

In this blog series, I will be putting the spotlight on useful Ghidra features you may have missed. Each post will look at a different feature and show how it helps you save time and be more effective in your reverse engineering workflows. Ghidra is an… Continue reading Ghidra 101: Slice Highlighting→

Hacking Christmas Gifts: Artie Drawing Robot

Posted on December 23, 2020 by Craig Young

If high-tech gadgets are on your holiday shopping list, it is worth taking a moment to think about the particular risks they may bring. Under the wrong circumstances, even an innocuous gift may introduce unexpected vulnerabilities. In this blog series,… Continue reading Hacking Christmas Gifts: Artie Drawing Robot→

Ghidra 101: Cursor Text Highlighting

Posted on December 8, 2020 by Craig Young

In this blog series, I will be putting the spotlight on useful Ghidra features that you may have missed. Each post will look at a different feature and show how it helps you save time and be more effective while reverse engineering. Ghidra is an incred… Continue reading Ghidra 101: Cursor Text Highlighting→

Hacking Christmas Gifts: Putting IoT Under the Microscope

Posted on November 30, 2020 by Craig Young

Adventures in MQTT Part II: Identifying MQTT Brokers in the Wild

Posted on November 19, 2020 by Craig Young

The use of publicly accessible MQTT brokers is prevalent across numerous verticals and technology fields. I was able to identify systems related to energy production, hospitality, finance, healthcare, pharmaceutical manufacturing, building management, … Continue reading Adventures in MQTT Part II: Identifying MQTT Brokers in the Wild→

A WebLogic Vulnerability Highlights the Path-Based Authorization Dilemma

Posted on November 2, 2020 by Craig Young

A WebLogic server vulnerability fixed by the October CPU has come under active exploitation after a Vietnamese language blog post detailed the steps needed to bypass authentication and achieve remote code execution on unpatched systems. Although there … Continue reading A WebLogic Vulnerability Highlights the Path-Based Authorization Dilemma→

SonicWall VPN Portal Critical Flaw (CVE-2020-5135)

Posted on October 14, 2020 by Craig Young

Vulnerability Description Tripwire VERT has identified a stack-based buffer overflow in SonicWall Network Security Appliance (NSA). The flaw can be triggered by an unauthenticated HTTP request involving a custom protocol handler. The vulnerability exis… Continue reading SonicWall VPN Portal Critical Flaw (CVE-2020-5135)→

Learn Ghidra From Home at SecTor 2020

Posted on September 9, 2020 by Craig Young

Running the IoT Hack Lab at SecTor has been a highlight of my year since 2015. Although we won’t be back this year to fill our corner of the MTCC, I’m happy to be teaching A Beginner’s Guide to Reversing with Ghidra as part of the SecTor 2020 virtual c… Continue reading Learn Ghidra From Home at SecTor 2020→

Tripwire Research: IoT Smart Lock Vulnerability Spotlights Bigger Issues

Posted on August 5, 2020 by Craig Young

The mechanical lock is perhaps the most fundamental, tangible, and familiar layer of security in our daily lives. People lock their doors with the expectation that these locks will keep the bad people out, but there’s a common adage in the securi… Continue reading Tripwire Research: IoT Smart Lock Vulnerability Spotlights Bigger Issues→

Citrix NetScaler CVE-2019-19781: What You Need to Know

Posted on January 8, 2020 by Craig Young

Just before the holidays, Citrix announced that their Citrix Application Delivery Controller (ADC) and Citrix Gateway are prone to a vulnerability which can allow remote unauthenticated attackers to execute code on vulnerable gateways. This led to a wa… Continue reading Citrix NetScaler CVE-2019-19781: What You Need to Know→