proof of concept – Page 5 – WindowsTechs.com

6 Best Practices to Make the Most of Your Sandbox Proof of Concept

Posted on November 16, 2018 by Ralf Hund

Any time you incorporate a major new component—such as a sandbox platform—into your security ecosystem, it’s important to do a rigorous, side-by-side evaluation of competing products to determine the best choice for your situation. But a proof of conc… Continue reading 6 Best Practices to Make the Most of Your Sandbox Proof of Concept→

A new exploit for zero-day vulnerability CVE-2018-8589

Posted on November 14, 2018 by Boris Larin

Yesterday, Microsoft published its security bulletin, which patches a vulnerability discovered by our technologies. We reported it to Microsoft on October 17, 2018. The company confirmed the vulnerability and assigned it CVE-2018-8589. Continue reading A new exploit for zero-day vulnerability CVE-2018-8589→

PoC Exploit Compromises Microsoft Live Accounts via Subdomain Hijacking

Posted on November 1, 2018 by Tara Seals

Poor DNS housekeeping opens the door to account takeover. Continue reading PoC Exploit Compromises Microsoft Live Accounts via Subdomain Hijacking→

Zero-day exploit (CVE-2018-8453) used in targeted attacks

Posted on October 10, 2018 by AMR

Yesterday, Microsoft published their security bulletin, which patches CVE-2018-8453, among others. It is a vulnerability in win32k.sys discovered by Kaspersky Lab in August. Microsoft confirmed the vulnerability and designated it CVE-2018-8453. Continue reading Zero-day exploit (CVE-2018-8453) used in targeted attacks→

CVE-2018-11776 Proof-of-Concept Published on GitHub

Posted on August 27, 2018 by Milena Dimitrova

Last week, we reported about CVE-2018-11776, a new highly critical vulnerability residing in Apache Strut’s core functionality, also described as a remote code execution vulnerability that affects all supported versions of Apache Struts 2. The fl… Continue reading CVE-2018-11776 Proof-of-Concept Published on GitHub→

Researchers aim to befuddle cybercriminals with defensive WWII fighter pilot trick

Posted on August 9, 2018 by Filip Truta

Most ethical hackers prefer to lend their services to eliminate potentially harmful bugs. But one team of white hats wants to test the opposite approach to thwarting bad actors – by wasting their time and resources with non-exploitable, intention… Continue reading Researchers aim to befuddle cybercriminals with defensive WWII fighter pilot trick→

Skills That a ‘Next-Level’ Pentester Should Have

Posted on July 25, 2018 by Moshe Zioni

Top tier penetration testers are a breed of their own. Here is how to make sure your pentester is topnotch. Continue reading Skills That a ‘Next-Level’ Pentester Should Have→

Delving deep into VBScript

Posted on July 3, 2018 by Boris Larin

In late April we found and wrote a description of CVE-2018-8174, a new zero-day vulnerability for Internet Explorer that uses a well-known technique from the PoC exploit CVE-2014-6332. But whereas CVE-2014-6332 was aimed at integer overflow exploitation for writing to arbitrary memory locations, my interest lay in how this technique was adapted to exploit the use-after-free vulnerability. Continue reading Delving deep into VBScript→

Simple Security Flaws Could Steer Ships Off Course

Posted on June 26, 2018 by Lindsey O'Donnell

A PoC shows how ships could be hacked and fooled into changing direction – all due to simple security issues. Continue reading Simple Security Flaws Could Steer Ships Off Course→

USB Sticks Can Trigger BSOD – Even on a Locked Device

Posted on April 30, 2018 by Tara Seals

Thanks to auto-play, it’s possible to crash Windows systems by simply inserting the drive into the USB port, no further user interaction necessary. Continue reading USB Sticks Can Trigger BSOD – Even on a Locked Device→