Thursday, May 5, 2016

“Squoison” Attack: High-severity Vulnerability in Squid Proxy Server Allows Cache Poisoning

Jianjun Chen, a postgraduate student at Tsinghua University, discovered a critical vulnerability in the popular Squid proxy server. He found that Squid does not conform to RFC 7230 and fails to parse and process the Host header of HTTP requests correctly. This allows attackers to conduct a cache poisoning attack using a specially crafted malicious request.

Thursday, March 31, 2016

From Telemetry to Open Source: an Overview of Windows 10 Source Tree

A lot of internal information about Microsoft software is available despite the fact that it is closed-source. For example, libraries export functions by name, which reveals some information about the interfaces used. Debugging symbols used for troubleshooting operating system errors are also publicly available; however, only compiled binary modules are at hand. In this article, we will try to determine what they looked like prior to compilation, using only legal methods.

Wednesday, February 24, 2016

Decipher Updates of a Popular 4G Modem: Dmitry Sklyarov’s Method

What could a reverse engineer do if, when trying to examine device code, he finds nothing except encrypted firmware files? Here is a real story of how to meet the challenge with basic knowledge of computer science and mere logic.

We do not specify the modem vendor or exact names of the files deliberately — this article focuses on the challenge and an interesting approach to the solution. This method is not applicable to the latest models of the modem, but it might work with older ones and other vendors.

Thursday, February 4, 2016

PayPal Remote Code Execution

In December 2015, I found a critical vulnerability in one of PayPal's business websites. It allowed me to execute arbitrary shell commands on PayPal web servers via unsafe Java object deserialization and to access production databases. I immediately reported this bug to the PayPal security team, and it was fixed promptly.

Friday, January 22, 2016

FreeBSD Remote DoS Exploit (Demo) (CVE-2016-1879)

The FreeBSD team has announced that their operating system was found to contain critical vulnerabilities that could be exploited to conduct DoS attacks, escalate user privileges, and disclose sensitive data.

Wednesday, December 2, 2015

Critical Vulnerabilities in 3G/4G Modems or how to build Big Brother

This report is the continuation of "#root via SMS", research conducted by the SCADA Strangelove team in 2014. That work was devoted to vulnerabilities in telecommunications equipment and covered modem flaws only partially. This document describes vulnerabilities found and exploited in eight popular 3G and 4G modems available in Russia and worldwide. The findings include Remote Code Execution (RCE) in web scripts, integrity attacks, Cross-Site Request Forgery (CSRF), and Cross-Site Scripting (XSS).

The research covers a full range of attacks against carrier customers using these types of modems — device identification, code injection, PC infection, SIM card cloning, data interception, determining subscriber location, getting access to user accounts on the operator's website, and APT attacks.

Wednesday, November 18, 2015

Web-application vulnerabilities: no light at the end of the tunnel

There has been significant growth in web applications, from official sites and ERP systems to e-commerce and e-banking platforms and portals providing government services. These applications have increasingly become a target for hackers attempting to compromise enterprise information systems. Positive Technologies conducted a study in 2014 to assess the state of web application security. The key findings are discussed below.