ASUS Aura Sync: Stack-Based Buffer Overflow

0x01: Details Advisory: ASUS Aura Sync 1.07.71 ene.sys Stack-Based Buffer Overflow Advisory ID: DH-ADV-2019-001 CVE ID: CVE-2019-17603 Revision: 1.1 Last Modified: 2019/10/14 Date Reported: 2019/09/08 Advisory Published: 2020/06/01 Affected Software: Asus Aura Sync Remotely Exploitable: No Locally Exploitable: Yes Vendor URL: https://www.asus.com/ 0x02: Vulnerability details The kernel driver ene.sys shipped with ASUS Aura Sync version 1.07.71 contains a vulnerability in the code that handles IOCTL requests. Exploitation of this vulnerability can result in:...

June 1, 2020 · 5 min · dhn

Offsec says 'Try harder!' or how to become an OSEE

TL;DR: In this blog post I’m going to write about my personal experience about the Offensive Security Exploitation Expert (OSEE) certificate and the Advanced Windows Exploitation (AWE) training; delivered in Las Vegas at BlackHat USA 2019. 0x01: Introduction After I’ve passed the OSCP in December 2017 and the OSCE in July 2018, I’ve decided to improve my exploitation skills especially with the focus on Windows and modern memory protection techniques such as ASLR, DEP, SMEP, CFG, and ACG....

January 12, 2020 · 9 min · dhn