Silver Bullets and Fairy Tails
July 23, 2014
Introduction This week we made mention on Twitter of a zero-day vulnerability we’ve unearthed that affects the popular Tails operating system. As the Tails website
A browser is only as strong as its weakest byte – Part 2
December 9, 2013
As promised, the follow up from our previous post. Before Thanksgiving, we left off with IE9 coughing up bytes. We’ll poke it some more today
A browser is only as strong as its weakest byte
November 26, 2013
Back in September, FireEye posted a blog entry discussing CVE-2013-3147, a vulnerability in Microsoft Internet Explorer. They pointed out that Microsoft patched the issue on
DoS? Then Who Was Phone?
January 7, 2013
Introduction This post presents exploitation notes on a vulnerability we discovered in Asterisk, an open source telephony solution produced by Digium. We reported this bug
Bypassing Microsoft’s Internet Explorer 0day “Fix It” Patch for CVE-2012-4792
January 4, 2013
Update: After we reported our bypasses to Microsoft, they released the MS13-008 bulletin to patch CVE-2012-4792 officially. After posting our analysis of the current 0day
Happy New Year Analysis of CVE-2012-4792
January 2, 2013
A new year has arrived and, although a little late, the time has come for me to unpack the present that Santa gave to the
What does a flightless bird and SCADA software have in common?
November 25, 2012
They’re both easy targets. If you’ve been paying attention to the security industry for any length of time then you’re probably familiar with the non-disclosure
Adobe Shockwave and Introspection
August 12, 2012
From Wikipedia: In computing, type introspection is the ability for a program to examine the type or properties of an object at runtime. These days