0day

TAG
Symantec Endpoint Protection 0day
Symantec Endpoint Protection 0day

In a recent engagement, we had the opportunity to audit a leading Antivirus Endpoint Protection solution, where we found a multitude of vulnerabilities. Some of these made it to CERT, while others have been scheduled for review during our upcoming AWE course a

Bug Bounty Program Insights
Bug Bounty Program Insights

With the nature of our business, we at Offensive Security take our system security very seriously and we appreciate the benefits of having "the crowd" scrutinize our internet presence for bugs. For this reason, we recently started our own Bug Bounty Program,

NDPROXY Local SYSTEM exploit CVE-2013-5065
NDPROXY Local SYSTEM exploit CVE-2013-5065

In the past few days there has been some online chatter about a new Windows XP/2k3 privilege escalation, well documented by FireEye. Googling around, we came across a Twitter message which contained a link to a Chinese vulnerability analysis and PoC.

Yahoo DOM XSS 0day – Not fixed yet!
Yahoo DOM XSS 0day – Not fixed yet!

After discussing the recent Yahoo DOM XSS with Shahin from Abysssec.com, it was discovered that Yahoo's fix is not effective as one would hope. According to Yahoo, this issue was fixed at 6:20 PM EST, Jan 7th, 2013. With little modification to the original pro

CA ARCserve – CVE-2012-2971
CA ARCserve – CVE-2012-2971

On a recent penetration test, we encountered an installation of CA ARCserve Backup on one of the target systems that piqued our interest. Like most "good" enterprise applications, ARCserve has processes that are running as SYSTEM so naturally, we went straight

QuickZip Stack BOF 0day: a box of chocolates
QuickZip Stack BOF 0day: a box of chocolates

A few days ago, one of my friends (mr_me) pointed me to an application that appeared to be acting somewhat “buggy” while processing “specifically” crafted zip files.  After playing with the zip file structure for a while (thanks again, mr_me, for docu