Introduction

During a recent engagement, I discovered a machine that was running VMware ESXi 6.7.0. Upon inspecting the known vulnerabilities associated with this version of the software, I identified that it may be vulnerable to the ESXi OpenSLP heap overflow (CVE-2021–21974). Through googling, I found a blog post by Lucas Leong (@_wmliang_) of Trend Micro’s Zero Day Initiative, who is the security researcher that found this bug. Lucas wrote a brief overview of how to exploit the vulnerability but shared no reference to a PoC. Since I couldn’t find any existing PoC on the internet, I thought it would be neat to develop an…


Introduction

Securing Fortune #1 is exciting, challenging and rewarding — all at the same time. Walmart’s global technology footprint consists of many tech implementations and provides security practitioners with unrivaled challenges and rewards. The Walmart Information Security team works collaboratively with supplier partners to continually enhance the security hygiene of products and services across the entire technology community. Walmart and its partners take security seriously and are committed to positively influencing a strong security culture.

Walmart InfoSec partnered closely with Cisco Systems to responsibly disclose the security vulnerabilities discussed in this blog. …


By: @straight_blast ; straightblast426@gmail.com

The purpose of this post is to share how one would use a debugger to identify the relevant code path that can trigger the crash. I hope this post will be educational for people who are excited to learn how to use a debugger for vulnerability analysis.

This post will not cover the details of RDP communication basics and MS_T120. Interested readers should refer to the following blogs, which sum up what they need to know:

Furthermore, no PoC code will be provided in this post, as the purpose is to show vulnerability analysis with a debugger.

The…


The folks at Atredis (https://twitter.com/Atredis) recently posted a binary challenge to get the community pumped up for the upcoming Blackhat/Defcon events in Las Vegas.

https://twitter.com/Atredis/status/1018921636337258496

Poking Around

I connected to the server (arkos.atredis.com:4444) and it displayed information that is useful for solving the challenge:


By: @straight_blast ; straightblast426@gmail.com

Introduction

On March 6, 2018, a security researcher named “meh” (referred to as the author from now on) published a blog post[1] on the vulnerability CVE-2018–6789 that she identified in EXIM 4.89 and below. She gave a detailed explanation of how to exploit the vulnerability; however, no proof-of-concept code was released. I decided to develop a PoC based on her strategy, and this blog is a walk-through of my proof-of-concept code. Before proceeding with reading this post, it is mandatory for the readers to read and understand the author’s blog post as…

Johnny Yu (@straight_blast)
