Exploiting CVE-2018-5093 on Firefox 56 and 57 – PART2: gaining code execution
1. Context The purpose of this project is to obtain an initial access during Red Team or Adversary Simulation exercises by gaining code execution through the exploitation of an integer overflow...
Exploiting CVE-2018-5093 on Firefox 56 and 57 – PART1: controlling the instruction pointer
Table of Content Context Vulnerability analysis Triggering the bug Reversing the affected component Controlling the instruction pointer Precise Heap Spraying Chaining function calls Achieving Instruction Pointer control Context The purpose of this project is to obtain an initial access during...
Adversary simulation exercise: when real-life meet business
This article is short story telling about one adversary simulation exercise we (POST CyberForce Offensive Security) performed. What’s an adversary simulation? Unlike standard penetration test usually targeting one specific solution, application,...
iOS Wi-Fi Demon: From iOS Format String to Zero-Click RCE
Table of contents So, what happened with iOS? Debug environment setup Preparing the iPhone Remote debugging session Vulnerability & root-cause analysis Reversing the binary Triggering the crash Setting up an exploitable breakpoint Controlling the execution flow Achieving RCE & discovering...
Anatomy of a Red-Team exercise – Chapter 3
Important note before starting each phase is not fully detailed, the provided information here permits to illustrate the context and to provide a better understanding of this write-up, some details are...
Anatomy of a Red-Team exercise – Chapter 2
Important note before starting each phase is not fully detailed, the provided information here permits to illustrate the context and to provide a better understanding of this write-up, some details are...
Anatomy of a Red-Team exercise – Chapter 1
Important note before starting each phase is not fully detailed, the provided information here permits to illustrate the context and to provide a better understanding of this write-up, some details are...