Welcome to BFS Labs

Here you will be presented with the latest and most exciting security research activities undertaken by the Blue Frost Security research team. You will find whitepapers, tools, advisories and blog posts.

Advisories

Microsoft Hyper-V: Multiple Vulnerabilities in vmswitch.sys
Multiple bugs are present in WPP code when handling set OID requests, one of them allowing to dereference (read access) an attacker controlled pointer, and the rest causing out of bounds read accesses
Microsoft Hyper-V Type Confusion leading to Arbitrary Memory Dereference
A bug present in the Hyper-V (hvix64) hash-table implementation allows to dereference memory near (or belonging to) the hash-table struct object.
Microsoft Hyper-V NULL Pointer Dereference Denial of Service
A bug present in Hyper-V's (hvix64) emulation handler for VMLAUNCH/VMRESUME allows a malicious L2 hypervisor to trigger a NULL pointer dereference in the L1 hypervisor.
Microsoft Hyper-V Stack Overflow Denial of Service
A bug present in the hvix64 module (hypervisor) causes infinite recursion, leading to a stack overflow.

More Advisories ...

Publications

A bug collision tale
The inside story of our CVE-2019-2025 exploit
TEE Exploitation
Exploiting Trusted Apps on Samsung’s TEE
Abusing GDI for Ring0 Exploit Primitives: Evolution
Windows 10 kernel exploitation techniques based on the latest Windows 10 RS3 insider preview
Look Mom! I Don’t Use Shellcode
A Browser Exploitation Case Study for Internet Explorer 11
Exploiting CVE-2014-4113 on Windows 8.1
Analysis of the Windows kernel vulnerability CVE-2014-4113, demonstrating how it can successfully be exploited on Windows 8.1.

Blog

CVE-2023-2008 - Analyzing and exploiting a bug in the udmabuf driver
In this post we describe a bug we found in the udmabuf driver a while back, and how we exploited it to achieve root access in affected systems.
Revisiting CVE-2017-11176
In this post we are deviating a bit from the typical format of posts on our blog and try to provide some introductory material into Android/Linux kernel exploitation.
BFS Ekoparty 2022 Exploitation Challenges
Show us your skills, to get a free invite to the BFS VIP dinner/party as well as an opportunity to join our team!
Windows Segment Heap: Attacking the VS Allocator
Abusing the Windows segment heap metadata to turn a heap overflow into an overlapping chunk allocation
BFS Hiring Challenge
Show us your skills, and get an opportunity to join BFS!