Team Research blog
One of the first major goals when reversing a new piece of hardware is getting a copy of the firmware. Once you have access to the firmware, you can reverse engineer it by disassembling the machine code. Sometimes you can get access to the firmware without touching the hardware, by downloading a firmware update file … Read more
Introduction Recently a severe vulnerability in the Linux kernel was publicly disclosed and patched. In this post we’ll analyze what this particular security vulnerability looks like in the Linux kernel code and walk you through the publicly published proof-of-concept exploit code by Matthew Daley released May 12th 2014. The original post by the SUSE security team … Read more
On January 31st 2014 a post appeared on oss-seclist [1] describing a bug in the Linux kernel implementation of the x32 recvmmsg syscall that could potentially lead to privilege escalation. It didn’t take long until the first exploits appeared, in this blog post we’ll walk-through the vulnerability and Samuel’s Proof-of-concept exploit in detail. The Vulnerable … Read more
By Max Veytsman At IncludeSec we specialize in application security assessment for our clients, that means taking applications apart and finding really crazy vulnerabilities before other hackers do. When we have time off from client work we like to analyze popular apps to see what we find. Towards the end of 2013 we found a … Read more