TL;DR This vulnerability allows attackers to impersonate Microsoft Support via the built-in remote support tool of Windows 10 named "Quick Assist". Microsoft decided not to »
TL;DR This vulnerability allows low privileged users to hijack file that are owned by NT AUTHORITY\SYSTEM by overwriting permissions on the targeted file. Successful »
TL;DR This weakness allows us to bypass the URL filtering on the RH parameter which could be used to hijack the session of any user »
Intro Windows Remote Assistance allows someone you trust take over your PC and fix a problem from anywhere around the world. It relies on the Remote »
Table of contents Intro Root cause analysis Proof-of-Concept Intro Late last year while setting up a fuzzer to target the SMB protocol, I discovered a vulnerability »
Table of contents Intro Oracle OAM Authentication flow Hijacking the session Global Exposure Proof-of-Concept Webserver Script Proof-of-Concept Video Mitigation CVSS rating Intro TL;DR Badly configured »
This is the presentation video from the HIP 16 presentation Tom and I did earlier this summer. I hope you enjoy it! »
Intro This vulnerability is related to the initial vulnerbility which I and my collegue Tom found back in February, namely the Microsoft Security Bulletin MS16-014. More »
Intro On the 30th of June, Tom and I gave a presentation at Hack In Paris about the vulnerabilities we discovered and which could be abused »
Intro This blog post is a continuation of my previous post which can be found here. The reason I devided is because two seperate vulnerabilities come »