vulnerability analysis
90 days, 16 bugs, and an Azure Sphere Challenge
Cisco Talos reports 16 vulnerabilities in Microsoft Azure Sphere’s sponsored research challenge. By Claudio Bozzato and Lilith [-_-]; and Dave McDaniel. On May 15, 2020, Microsoft kicked off the Azure Sphere Security Research Challenge, a three-month initiative aimed at finding bugs in Azure Sphere. Among the teams and individuals selected, Cisco Talos conducted a […]
Vulnerability Spotlight: Remote code execution vulnerabilities in Simple DirectMedia Layer
Simple DirectMedia Layer contains two vulnerabilities that could an attacker to remotely execute code on the victim’s machine. Both bugs are present in the SDL2_image library, which is used for...
Exploitable or Not Exploitable? Using REVEN to Examine a NULL Pointer Dereference.
It can be very time-consuming to determine if a bug is exploitable or not. In this post, we’ll show how to decide if a vulnerability is exploitable by tracing back...