Blog Posts
It's Time to Retire Your Unsupported Things
"If it ain't broke, don't fix it." Why mess with something that already works? This is fair advice with many things in life. But when it comes to software security, …
• By Will Dormann
In CERT/CC Vulnerabilities
The Dangers of VHD and VHDX Files
Recently, I gave a presentation at BSidesPGH 2019 called Death By Thumb Drive: File System Fuzzing with CERT BFF....
• By Will Dormann
In CERT/CC Vulnerabilities
Expectations of Windows RDP Session Locking Behavior
Recently, CERT researchers published a vulnerability note (VU#576688 - Microsoft Windows RDP can bypass the Windows lock screen). In this blog post, we provide a little more insight into how …
• By Will Dormann, Joe Tammariello
In CERT/CC Vulnerabilities
Life Beyond Microsoft EMET
Approximately eight years ago (September 2010), Microsoft released EMET (Enhanced Mitigation Experience Toolkit) 2.0. In the world of software defenders, there was much rejoicing....
• By Will Dormann
In CERT/CC Vulnerabilities
When "ASLR" Is Not Really ASLR - The Case of Incorrect Assumptions and Bad Defaults
As a vulnerability analyst at the CERT Coordination Center, I am interested not only in software vulnerabilities themselves, but also in exploits and exploit mitigations....
• By Will Dormann
In CERT/CC Vulnerabilities
Announcing CERT Tapioca 2.0 for Network Traffic Analysis
A few years ago, I announced the release of CERT Tapioca for MITM Analysis. This virtual machine was created for the purpose of analyzing Android applications to find apps....
• By Will Dormann
In CERT/CC Vulnerabilities
Automatically Stealing Password Hashes with Microsoft Outlook and OLE
Back in 2016, a coworker of mine was using CERT BFF, and he asked how he could turn a seemingly exploitable crash in Microsoft Office into a proof-of-concept exploit that …
• By Will Dormann
In CERT/CC Vulnerabilities
Exfiltration with IPv6 tunnels on Windows
Will Dormann just posted a CERT/CC blog post about using outbound SMB connections to harvest Windows credentials via OLE objects. While most enterprises probably block outbound SMB over IPv4, they …
• By Dan J. Klinedinst, Will Dormann
In CERT/CC Vulnerabilities
The Curious Case of the Bouncy Castle BKS Passwords
While investigating BKS files, the path I went down led me to an interesting discovery: BKS-V1 files will accept any number of passwords to reveal information....
• By Will Dormann
In CERT/CC Vulnerabilities
The Consequences of Insecure Software Updates
In this blog post, I discuss the impact of insecure software updates as well as several related topics, including mistakes made by software vendors in their update mechanisms, how to …