Life As A Professional Hacker

Last month Guido Vranken hosted a successful Reddit AMA, sharing insight on his experience as a professional vulnerability researcher. Top questions from Reddit included what advice he had for someone looking to make money from vulnerability research, his process for hacking, and what advice he had specifically for someone heading ...

Uncovering Memory Defects in cereal (CVE-2020-11104 & CVE-2020-11105)

Introduction Deserialization of untrusted input is a common attack vector, making both the MITRE top-25 most dangerous software errors. Even without an attacker, mistakes in serialization or deserialization decrease the reliability of your code. Cereal is a light-weight, highly used, general-purpose serialization library written in C++. It’s the recommended ...

Uncovering OpenWRT remote code execution (CVE-2020-7982)

Introduction For ForAllSecure, I’ve been focusing on finding bugs in OpenWRT using their Mayhem software. My research on OpenWRT has been a combination of writing custom harnesses, running binaries out of the box without recompilation, and manual inspection of code. I found this vulnerability initially by chance when I was preparing ...