ByePg: Do Blue Screens Really Have to End Up Blue?

PatchGuard is a component of NT Kernel Microsoft introduced back in 2005 to prevent both legitimate and malicious software from patching the kernel in unsupported ways, mainly for purposes such as preventing malicious processes, files and registries being hidden by the patching of system service tables. Researchers kept finding ways around it, researching components of […]

Manufacturing Cyber-Resilient IoT Devices

Whether at home or at the workplace, we are increasingly becoming reliant on various devices that have the ability to connect to the internet or more commonly referred to as the Internet of Things (IoT). As a product manufacturer, Panasonic strives to place secure products on the market for our users. As IoT has become […]

Hunting Kernel Exploits with JANUS

Worldwide, the number of devices per person is increasing. The statistic we found shows that the number of devices per person is expected to be 6.58, a total of about 50 billion devices in 2020. These devices are controlled by the OS, and each OS supports various file systems. Therefore, a filesystem vulnerability can be […]

60 CVEs in 60 Days

In recent years, the most effective way to discover new vulnerabilities is considered to be fuzzing. I will present a complementary approach to fuzzing called MTE. By using MTE, I managed to get over 60 CVEs, all are logical vulnerabilities, in 60 days across many major software vendors like Microsoft, Facebook, Intel, and more. Some […]

Exploiting Weblogic Servers With XMLDecoder RCE Bugs

In 2019, I have reported some XMLDecoder RCE bugs of Weblogic Server to Oracle and the details of these bugs will be disclosed for the first time. These bugs are very funny, during find the bugs , I analyzed the Critical Patch Updates of Weblogic Server and bypassed the patch twice, assigned CVE number CVE-2019-2725/CVE-2019-2729. […]

Pwning Adobe Reader Multiple Times with Malformed Strings

It’s hard to see vulnerabilities caused by malformed strings nowadays not to mention those with exploitable vulnerabilities. It’s not surprising because all the unsafe functions are banned by SDL in modern software development, but if the developers did not use the security enhanced functions correctly, it may lead to critical security vulnerabilities. In the case […]

Public and Private: Common Flaws in ICS Communication Protocols

Industrial Control Systems / Supervisory Control and Data Acquisition (ICS/SCADA) are widely used in critical infrastructure (CI) sectors such as power, water, and manufacturing all over the world. If a malicious attacker impacts, takes control of, or compromises a CI system, millions could face a dangerous and chaotic situation such as no power, water, or […]

Beyond Timelines and IOC Matching: An Action Oriented Data Model for Automating Pattern Matching and Analysis in Incident Response Investigations

Digital forensics investigations typically ingest many sources of information, even if all sources come from one computer or even a single hard drive. This is particularly true with security incident response investigations, where the goal is to look into suspicious or anomalous events, determine their cause and assess their consequences. Such investigations typically rely on […]