Conversation
neodyme@infosec.exchange

Neodyme

Following our talk about exploiting security software for privilege escalation, we're excited to kick off a new blog series! 🎊
Check out our first blog post on our journey to 💥 exploit five reputable security products to gain privileges via COM hijacking: https://neodyme.io/blog/com_hijacking_1/

1
6
0
buherator

buherator

Reply to @neodyme@infosec.exchange
@neodyme Thanks for the mention! Do you have a list of affected vendors (and CVE's) that I could match with my records?
1
0
0
6b6f6c6a61@infosec.exchange

Kolja

Reply to @buherator

@buherator @neodyme Sure, the following 5 vulnerabilities were the result of the research:
- CVE-2024-24912 - CheckPoint Harmony
- CVE-2023-6154 - Bitdefender Total Security
- CVE-2023-7241 - Webroot Endpoint Protect
- CVE-2024-36302/ZDI-CAN-22039 - Trend Micro Apex One
- CVE-2024-6510 - AVG Internet Security

1
1
1
buherator

buherator

Reply to @6b6f6c6a61@infosec.exchange
@6b6f6c6a61 @neodyme Thanks!
0
0
0
About infosec.place

Terms of Service

This is a placeholder, overwrite this by putting a file at 

$STATIC_DIR/static/terms-of-service.html

See the Static Directory docs for more info.