Security News, Alerts and Research

macOS Rootkit Emulation

Posted on 18 Dec 2020

Kernel rootkits are considered the most dangerous malware that may infect computers. Operating at ring 0, the highest privilege level in the system, this super malware has unrestricted power to control the whole machine and can thus defeat all the defensive and monitoring mechanisms. Unfortunately, dynamic analysis solutions for kernel rootkits are severely lacking; indeed, most …

Cesanta Mongoose 6.16 – Integer overflow

Posted on 06 Dec 2019

CyStack Advisory ID: CSA-2019-04. CVE IDs: CVE-2019-19307. Severity: Critical. CVSS v3 Base: 9.8. Synopsis: CyStack Security discovered an integer overflow vulnerability in the implementation of the MQTT protocol in the Cesanta Mongoose library version 6.16. By exploiting the vulnerability, a remote, unauthenticated attacker can perform a DoS attack against the broker server with an infinite loop or …

Static binary injection with high-level code

Posted on 07 Nov 2019

Introduction: Static binary injection is a technique for inserting external code into an executable file in order to monitor or change the program's behavior at run time. An attacker could use this technique to carry out …

D-Link DNS-320 ShareCenter <= 2.05.B10 - Unauthenticated Remote code execution

Posted on 12 Sep 2019

CyStack Advisory ID: CSA-2019-03. CVE IDs: CVE-2019-16057. Severity: Critical. CVSS v2 Base: 10.0. Vendor’s announcement: Link. Synopsis: CyStack Security discovered a remote code execution vulnerability in the D-Link DNS-320 ShareCenter device with a version lower than or equal to 2.05.B10. By exploiting the vulnerability, a remote, unauthenticated attacker can access all application commands with …

Subdomain takeover – Chapter two: Azure Services

Posted on 11 Aug 2019

As I described in chapter one, we can control the content of a sub-domain d by controlling the content of the domain d1 that d points to through its CNAME record. Azure, a popular cloud service, offers many services that can create such a d1. In this article, I will go into detail about services of …

Trape 2.0 SQLi and stored XSS

Posted on 13 Jul 2019

CyStack Advisory ID: CSA-2019-02. CVE IDs: CVE-2019-13488, CVE-2019-13489. Severity: Medium. Trape is an OSINT analysis and research tool, which allows people to track and execute intelligent social engineering attacks in real time. It is quite a popular project, with 4k stars on GitHub, and a presentation at Black Hat Asia 2018. Recently, I have discovered …

Arbitrary file read vulnerability in Hackerrank

Posted on 13 May 2019

Summary: HackerRank is a technical hiring platform that helps businesses evaluate software developers based on skill. I found that several of its websites can be attacked to read arbitrary files. Details: Most HackerRank websites use Ruby on Rails (RoR) as their backend. Unfortunately, its recent versions are vulnerable to a file content disclosure vulnerability (CVE-2019-5418). By …

Multiple XSS vulnerabilities in i-librarian 4.10

Posted on 08 May 2019

CyStack Advisory ID: CSA-2019-01. CVE IDs: CVE-2019-11359, CVE-2019-11428, CVE-2019-11449. Severity: Medium. Recently, we decided to find and get some CVEs assigned. When looking for a web project to audit, we came upon i-librarian 4.10, a PHP web application that has over 100 stars on GitHub. A few hours of relatively easy work finding bugs, and …

Another attack vector of CVE-2019-6340

Posted on 24 Apr 2019

Summary: In February 2019, Samuel Mortenson from the Drupal security team discovered a critical vulnerability in this CMS, identified as CVE-2019-6340 or SA-CORE-2019-003. This vulnerability is a kind of object injection vulnerability, which my colleague mentioned in previous research. According to the original research, this vulnerability enables a remote code execution attack by taking advantage …
