Our Blog

The power of variant analysis (Semmle QL) CVE-2019-15937 and CVE-2019-15938

Reading time: ~11 min
Posted by Hector Cuesta on 28 October 2019
Categories: Cve, Exploit, Variant analysis, Vulnerability research, Code analysis, Cve-2019-15937, Cve-2019-15938, Ql, Semmle, Vulnerability
Intro This post will try to do a small introduction to the QL language using real-world vulnerabilities that I found...

Analysis of a 1day (CVE-2019-0547) and discovery of a forgotten condition in the patch (CVE-2019-0726) – Part 1 of 2

Reading time: ~16 min
Posted by Hector Cuesta on 02 May 2019
Categories: Cve, Cve-2019-0547, Cve-2019-0726, Dhcp, Exploit, Kb4480966, Patch diffing, Research, Diffing, Protocol, Windows
This post will cover my journey into the analysis of CVE-2019-0547 (Affecting the windows DHCP client), a vulnerability discovered by...

Understanding PEAP In-Depth

Reading time: ~21 min
Posted by Dominic White on 18 April 2019
Categories: Cve, Deepdive, Ios, Mac, Rf, Rogue-ap, Wifi
tl;dr We reported a long standing PEAP bug in all Apple devices that would allow an attacker to force any...

Being Stubborn Pays Off pt. 1 – CVE-2018-19204

Reading time: ~13 min
Posted by Javier Jimenez on 18 April 2019
Categories: Cve, Exploit development, Internals, Webapps, 0day, Cve-2018-19204, Exploit, Prtg network monitor, Web application
Intro During an internal assessment, I came across monitoring software that had default credentials configured. This monitoring software allowed for...

Fuzzing Apache httpd server with American Fuzzy Lop + persistent mode

Reading time: ~10 min
Posted by Javier Jimenez on 20 June 2017
Categories: Apache server, Cve, Fuzzing, Httpd, Afl, Cve-2017-7668
Intro Recently, I reported CVE-2017-7668 (Apache Server buffer-over-read). This is a cross-post from my personal blog where I explain how...