Intel, Please Stop Assisting Me
This post focuses on two vulnerabilities the CyberArk Labs team uncovered in the Intel Support Assistant that affected the millions of Windows machines that run this software. The first vulnerability is of an arbitrary file ... Read More
Anti-Virus Vulnerabilities: Who’s Guarding the Watch Tower?
This blog entry is a special anti-malware edition showcasing how the most common bugs security products suffer from can allow a standard user to escalate into a privileged user. What we found through our research ... Read More
Group Policies Going Rogue
This blog –part of a year-long research project that uncovered 60 different vulnerabilities across major vendors – discusses a vulnerability in the Windows group policy object (GPO) mechanism. Focused specifically on the policy update step, ... Read More
Lazy Privilege Escalation: Abusing Dell’s DUP Framework, CVE-2019-3726
This blog is part two of a continuing series describing research I performed between April and July 2019. A few weeks ago, we published the first entry in a blog series highlighting research I conducted ... Read More
Follow the Link: Exploiting Symbolic Links with Ease
This blog is part one of a continuing series describing research I performed between April and July 2019. In the recent years, the most common way to find vulnerabilities has been fuzzing. Since I’m interested ... Read More
DLLSpy – Tighten Your Defense by Discovering DLL Hijacking Easily
DLL hijacking is an attack that exploits the Windows search and load algorithm, allowing an attacker to inject code into an application through disk manipulation. In other words, simply putting a DLL file in the ... Read More
