Think that having your lawyer engage your penetration testing consultancy will help you? Think again.

Guest Post: Neil Jacobs (deals with cyber law stuff) Many companies engage their penetration testing(pentesting) companies through their lawyers, i.e., the lawyers themselves actually engage the pentester (and not the client), and the lawyers provide the pentest results to the client usually via a report. The thinking behind this is that doing so will “cloak” … Read more

Impersonating Other Players with UDP Spoofing in Mirror

Mirror is an open-source multiplayer game framework for Unity. The history of Mirror is pretty interesting, I’d encourage anyone interested to give it a read on their site. Long story short, it was built as a replacement for UNET (which was provided by Unity but had a number of issues and was ultimately deprecated). Mirror … Read more

Mitigating SSRF in 2023

SSRF surfer

Server-Side Request Forgery (SSRF) is a vulnerability that allows an attacker to trick a server-side application to make a request to an unintended location. SSRF, unlike most other specific vulnerabilities, has gained its own spot on the OWASP Top 10 2021. This reflects both how common and how impactful this type of vulnerability has become. … Read more

Hacking Unity Games with Malicious GameObjects, Part 2

In my last post I talked about a way I found to execute arbitrary code in Unity using no custom scripts, only built-in components. This allowed potential attacks against Unity games that load AssetBundles from untrusted sources since, although AssetBundles can’t include custom scripts, they can include GameObjects containing these built-in components. The attack I outlined in that blog used UnityEvents, which are primarily exposed via Unity’s built-in UI elements, but the attack required user interaction to trigger.

In this post I am going to discuss a zero-click method of triggering UnityEvents, along with some additional things I’ve learned on this topic. I will also introduce a new exploit that does not use UnityEvents and removes one of the limitations of the UnityEvent-based attack (while adding limitations of its own). Finally, I will give some updated remediation thoughts.

Reverse Engineering Windows Printer Drivers (Part 2)

In our blog last post (Part 1), we discussed how you can find and extract drivers from executables and other packages and the general methodology for confirming that drivers are loaded and ready. We also highlighted the Windows driver architecture. In this post, we’ll focus on an introduction to the driver architecture, basics of reverse … Read more