Exploitation Archives | Page 2 of 2

JUMPSEC LABS

The JUMPSEC Lab is a place where the the technical team get creative and showcase their latest security research, publications, interesting news and general thoughts! We love what we do and are passionate about security, with some great upcoming projects planned, bookmark our site and stick around to see what we are working on.

CVE 2015-7547 glibc getaddrinfo() DNS Vulnerability

Hello w0rld! JUMPSEC researchers have spent some time on the glibc DNS vulnerability indexed as CVE 2015-7547 (It hasn’t got a cool name like GHOST unfortunately…). It appears to be a highly critical vulnerability and covers a large number of systems. It allows remote code execution by a stack-based overflow in the client side DNS resolver. In this post we would like to present our analysis. Google POC overview Google POC Network Exploitation Timeline Google POC Exploit Code Analysis First...

Playing with MS14-060 and MS14-058 [CVE-2014-4113 CVE-2014-4114] : Attacks and Defenses

by | Nov 10, 2014 | Exploitation

Recently two 0-day exploits were revealed. The first one was given the name Sandworm, however, the name convention was mistakenly including the "worm" term as we will see. The second one CVE-2014-4113 is a privilege escalation local exploit for Windows. Sandworm as said includes the word "worm" most likely for making the situation more dramatic. A worm is a self-propagating piece of code that does not take human intervention. It is said that Sandworm was used in cyber espionage operations...

JUMPSEC LABS

CVE 2015-7547 glibc getaddrinfo() DNS Vulnerability

Playing with MS14-060 and MS14-058 [CVE-2014-4113 CVE-2014-4114] : Attacks and Defenses

[Latest Posts]

[Categories]

GitHub

Follow JumpsecLabs

Disclaimer