Last year, I wanted to check out some vulnerabilities that aren't really common and came across CWE-789 which is for Uncontrolled Memory Allocation. As of May 1, 2020, there are 135,422 CVEs recorded in total, 929 CVEs recorded for vulnerabilities containing the keyword "memory consumption" and 399 CVEs recorded for vulnerabilities containing the keyword "memory allocation":
This means the selected vulnerability classification makes up only about 0.98% of the whole CVE database.
While looking into potential vectors based on the examples given in the CWE-789 page, I ended up listing software applications that might have undiscovered vulnerabilities and found two zero-days, labeled CVE-2019-14941 and CVE-2019-15234.
The main thing that made me in
It’s the time of the year when ROOTCON, the largest security conference in the Philippines, is back in action. This was my 2nd time attending the conference and my 2nd time joining ROOTCON’s Capture the Flag event. Last year’s CTF was a close game since AJ, Ameer, and I placed 2nd on the overall score, but we were able to pull off 1st place this year against other strong teams, including our hackstreetboys teammates Ariz, Felix, and Jym from [hsb]JumboHackdog, and IJ from DiKoPoAlam.
It was honestly a challenging game thanks to the awesome guys from Pwn De Manila.
Since AJ and Ameer did the web challenges (nearly a board wipe!), which can be seen here, I was working on other categories and am going to share this reverse engineering challenge that I managed to solve during the event.
I found the concept of privilege escalation attacks quite interesting because, in theory, the goal is easy to understand, but it actually requires creativity to execute or even discover. While doing research, I came across CWE-347, which is assigned to "Improper Verification of Cryptographic Signature". Its description reads: "The software does not verify, or incorrectly verifies, the cryptographic signature for data". Thinking about this, verifying a cryptographic signature for data comes down to the integrity of the data involved or, simply, "has the data been tampered with or not?"
If you've seen the example code given in the CWE-347 page, you'll notice that the verification of the cryptographic signature of data can be in the form of checking if a downloaded file w...
While studying for Offensive Security's Cracking the Perimeter back in 2018, I encountered proof of concept exploits relating to the recovery of sensitive information from memory. A popular tool that does this on Windows is mimikatz; however, this article will present vulnerabilities in 3rd party applications rather than what mimikatz targets. This type of vulnerability is described through CWE-316: Cleartext Storage of Sensitive Information in Memory, and you'll actually be surprised that a lot of applications are still vulnerable to this type of issue.
Looking more into the vulnerability
Before I even bothered to discover the same type of vulnerability from other applications, I tried to check out what programs were already disc...
Offensive Security's CTP (Cracking the Perimeter) is a more advanced penetration testing training, leading to Offensive Security Certified Expert if the 48-hour exam is cleared. The course is offered similarly to how Penetration Testing with Kali, leading to Offensive Security Certified Professional, is set up. The difference, however, is that the PWK course gives a student access to a corporate network where one can work his/her way into each machine through various techniques, while CTP concentrates more on discovering unknown vulnerabilities.
To make the story short, PWK-OSCP's outcome is for a student being able to do practical penetration testing through methods starting from information gathering up to post exploitation while CTP-OSCE's ...