Diving into the SMBLost vulnerability (CVE-2020-1301)

SMB (Server Message Block) was recently in the spotlight because of CVE-2020-0796, also known as “SMBGhost”. This vulnerability is located in the Microsoft Server Message Block 3.1.1 (SMBv3) protocol and only affects new operating systems, from Windows 10 Version 1903 to Windows 10 Version 1909. Due to the fear of the new “wormable” attack

Why not catching exception hurts security products? A case study with Cybereason EDR (CVE-2020-26562 & CVE-2020-26871)

This vulnerability report is intended to study two vulnerabilities in Cybereason EDR (Endpoint Detection & Response) that allow a non-privileged user to cause a Denial of Service on two sensitive executables: minionhost.exe: This service runs with Authority NT/System rights and is responsible for collecting and delivering logs from and to other Cybereason executables. ExecutionPreventionSvc.exe: This

IP2LoRa : A diverted use of LoRa to build your wireless IP link over kilometres

This article describes both our experiment and the software we developed to achieve IP tunnelling over LoRa. We carried out this work to improve our knowledge and to test the limits of this technology. Please note that the software is a proof of concept and provided “as is”. It is made available for use

Remote code Execution On EcoStruxure PLC simulator (CVE-2020-28211, CVE-2020-28212, CVE-2020-28213)

In this document, we will describe the process of how an attacker can remotely take control of the engineering station by exploiting three 0-day vulnerabilities (CVE-2020-28211, CVE-2020-28212, CVE-2020-28213) in Schneider Electric ControlExpert software: Bypassing project authentication used in the Programmable Logic Controller (PLC) simulator Hijacking existing Unified Messaging Application Services’ (UMAS) session Executing a payload

Automating the SOC – Towards AI-Based Incident Response in the Factory of the Future

The Security Operations Centre (SOC) is an established service for continuous protection of companies against cyber threats, and it will extend to cover industrial environments in the near future. However, with the increasing activity of threat actors as well as their growing resources, knowledge and skills, cyber security is a moving target. This is especially

Fuzzing exotic arch with AFL using ghidra emulator

Fuzzing is a very popular and useful technique used by researchers to find vulnerabilities. In this article, we describe how to use AFL++ and the Ghidra emulation engine to fuzz programs in embedded devices running on exotic architectures. This could be an alternative choice when it cannot be easily done using a
