Welcome to BFS Labs
Here you will be presented with the latest and most exciting security research activities undertaken by the Blue Frost Security research team. You will find whitepapers, tools, advisories and blog posts.
Advisories
-
LG PC Suite Insecure Update Mechanism
A vulnerability inside the update mechanism was identified which allows an attacker to remotely execute arbitrary code on the target system.
-
Huawei HiSuite Insecure Service Directory ACLs
A privilege escalation vulnerability was identified which can be used by a local user to elevate privileges.
-
Samsung SW Update Insecure Service Directory ACLs
A privilege escalation vulnerability was identified which can be used by a local user to elevate privileges.
-
FireEye Detection Evasion and Whitelisting of Arbitrary Malware
An analysis engine evasion was identified which allows an attacker to completely bypass FireEye's virtualization-based dynamic analysis on Windows and whitelist arbitrary malicious binaries.
Publications
-
Abusing GDI for Ring0 Exploit Primitives: Evolution
Windows 10 kernel exploitation techniques based on the latest Windows 10 RS3 insider preview
-
Look Mom! I Don’t Use Shellcode
A Browser Exploitation Case Study for Internet Explorer 11
-
Exploiting CVE-2014-4113 on Windows 8.1
Analysis of the Windows kernel vulnerability CVE-2014-4113, demonstrating how it can successfully be exploited on Windows 8.1.
Blog
-
Don't Follow The Masses: Bug Hunting in JavaScript Engines
Analysis of CVE-2019-5790 and how the search for unexplored attack surface in V8 led to its discovery.
-
BFS Ekoparty 2018 Exploitation Challenge: Stop the Capital Flight
Win entry tickets to Ekoparty as well as an invitation to the official speaker dinner by stopping capital flight and solving the Argentinean currency crisis!
-
BFS Ekoparty Exploitation Challenge
Win entrance tickets to Ekoparty in Argentina by hacking the unbreakable voting machine.
-
Windows 10 HAL’s Heap – Extinction of the "HalpInterruptController" Table Exploitation Technique
Another kernel exploitation technique killed in Windows 10 Creators Update
-
Understanding Emergency Windows Update MS14-068
This post explains the functionality of the critical vulnerability CVE-2014-6324 found in the Windows implementation of the Kerberos authentication protocol.
RT @jgrusko: Finally been credited in Samsung's Android Security Update for this month: https://t.co/W0YBBebrqW Got assigned SVE… https://t.co/hIY2KA0Z1F
2 weeks, 1 day ago
Blue Frost Security researcher Eloi (@esanfelix) kicking off his talk about TEE exploitation at #INFILTRATE19 https://t.co/WxwkMnrthP
2 weeks, 6 days ago
Don't Follow The Masses: Bug Hunting in JavaScript Engines https://t.co/vAUBsGzNia
3 weeks, 3 days ago
Our very own.@esanfelix killing it at #Zer0Con2019 https://t.co/yzmF6L9xbD
1 month, 1 week ago
RT @_ringzer0: #Ringzer0 is honoured to have @offensive_con and @bluefrostsec as friends of the event! And for those of you who mi… https://t.co/jpFlzzKt8N
1 month, 1 week ago