Die siberas GmbH ein auf Sicherheitsanalysen und Penetrationstests spezialisiertes Beratungsunternehmen, welches Sie herstellerunabhängig und kompetent im Bereich IT-Sicherheit berät.


Kernel Exploitation Case Study - "Wild" Pool Overflow on Win10 x64 RS2 (CVE-2016-3309 Reloaded)

Microsoft reintroduced a kernel vulnerability in Windows 10 Creators Update which was originally patched in 2016. This blog gives some background about the history of this vulnerability and showcases the exploitation of this "wild" Pool-based overflow in the kernel on Windows 10 x64 (RS2).

Read More

sJET (siberas JMX Exploitation Toolkit)

Before I joined siberas, I created a tool with the name “MJET” (Mogwai JMX Exploitation Toolkit) that allowed an easy exploitation of insecure configured Java JMX (Java Management Extensions) services. If you need some additional background information about JMX exploitation I recommend to take a look at this blog post by Braden Thomas and the slides from my OWASP presentation from 2015.

Read More

TYPO3-CORE-SA-2016-013 analysis

TYPO3 is an enterprise Open Source CMS based on PHP. While it might not be as well-known as competitors like Joomla or Wordpress, it has quite a high market share here in Germany. During a recent penetration test I had to deal with an outdated Typo3 installation that was vulnerable to CVE-2016-5091. As details for this vulnerability were not publicly available, I thought I share my analysis.

Read More

Pwning Adobe Reader - SyScan360 and Infiltrate 2016 slide decks

Hi everyone, in the last few weeks I’ve given two presentations (@ SyScan360, Singapore and Infiltrate, Miami) about Pwning Adobe Reader using its embedded XFA engine.

Read More

Pwn2Own 2014 - Escaping the sandbox through AFD.sys

This year Andy and I were finally able to take part in the Pwn2Own contest during the CanSecWest conference in Vancouver. We won the Internet Explorer 11 competition by compromising a fully-patched Windows 8.1 (x64) system. For successful exploitation we abused three distinct vulnerabilities:

Read More