Showing Posts From

• James Loureiro
• 25 Sep 2017

Biting the Apple that feeds you - macOS Kernel Fuzzing

An automated kernel fuzzing framework was developed for the macOS XNU kernel using an in-memory fuzzer with static and dynamic analysis techniques. The framework targeted core subsystems to identify critical vulnerabilities in macOS. The approach aimed to address the limited existing automated kernel fuzzing solutions for the Apple platform.

• William Knowles
• 22 Sep 2017

"Tasking" Office 365 for Cobalt Strike C2

A novel Command and Control (C2) technique for Cobalt Strike was demonstrated using Office 365's Exchange Web Services. The technique leverages Outlook tasks as a communication channel to transmit malicious traffic through a legitimate service. The proof-of-concept shows how attackers can use the External C2 interface to create covert communication paths through enterprise collaboration tools.

• Mateusz Fruba
• 19 Sep 2017

Kernel Driver mmap Handler Exploitation

This whitepaper explores exploitation techniques for Linux kernel driver memory mapping vulnerabilities. The research addresses the lack of public documentation on identifying and exploiting security flaws in kernel driver development. The goal is to provide guidance for developers to understand and mitigate memory mapping issues in kernel drivers.

• William Knowles
• 18 Sep 2017

Land, Configure Microsoft Office, Persist

This presentation explores native Microsoft Office add-in mechanisms that can be exploited for persistence on compromised workstations. Various techniques for abusing Office add-ins are analyzed from a red teaming perspective. The talk examines deployment complexity, privilege requirements, and effectiveness in different computing environments.