EDR Part 3: One Bug to Stop them all
2025-02-24
This post describes a DoS vulnerability affecting most Windows EDR agents. The vulnerability is an issue in the handling of already existing objects in the Object Manager's namespace.
Manuel Feifel | 3380 words | 17 minutes

EDR Part 2: Driver Analysis Results
2025-02-17
The second part describes the process and results of the EDR driver security analysis of Palo Alto Cortex using manual analysis and Sophos Intercept X using snapshot fuzzing. Only minor vulnerabilities were identified (CVE-2024-5905).
Manuel Feifel | 3557 words | 18 minutes

EDR Part 1: Intro & Security Analysis of EDR Drivers
2025-02-10
This article gives an overview of the attack surface of EDR software and describes the process of searching for attack surface on EDR drivers from the perspective of a low-privileged user.
Manuel Feifel | 2298 words | 11 minutes

Tear Down The Castle - Part 2
2025-01-23
To gain insight into common issues and patterns of misconfiguration, we analyzed 250 PingCastle reports collected from Incident Response cases and Compromise Assessments.
Stephan Berger | 1514 words | 8 minutes

Tear Down The Castle - Part 1
2025-01-19
To gain insight into common issues and patterns of misconfiguration, we analyzed 250 PingCastle reports collected from Incident Response cases and Compromise Assessments.
Stephan Berger | 1814 words | 9 minutes

Breaking CAPTCHAs with image recognition
2023-09-09
This article explains how image recognition services can be used to bypass (i.e. auto-solve) classical alphanumeric CAPTCHAs.
Mario Bischof | 1339 words | 7 minutes

CVE-2019-10123: Logistics Software SQLi-RCE
2019-04-25
An SQL-Injection to RCE in a custom 'protocol'
Manuel Feifel | 633 words | 3 minutes
