CVE-2018-8023: Timing attack on the JWT implementation of Apache Mesos

A flaw in the JWT implementation of Apache Mesos resulted in a timing attack vulnerability. Affected Versions: Apache Mesos 1.4.0 to 1.6.0 are affected. The unsupported Apache Mesos pre-1.4.0 releases may also be affected. Description: Apache Mesos can be configured to require …

Using a non-system glibc

When developing exploits, especially heap exploits, the glibc version the binary is linked against will affect the specific offsets that are used in the exploit code. Efforts like the libc-database help by making it easy to look up memory addresses from a specific libc. However, i…

What is Token Binding?

Token Binding is a protocol that has been a subject of some debate recently due to Chrome's Intent to Remove message for the feature. We shall take a look at how Token Binding works as well as the arguments for and against the protocol. What problem does Token Binding aim to solv…

Deconstructing Kony (7) Android Applications

Note: A more complete writeup on Kony was published at "Analyzing Kony Mobile Applications". What is Kony? Kony is a mobile app development platform that allows a developer to build mobile applications in HTML5 and JavaScript that can be built for different platforms like iOS and …

Protostar Walkthrough - Heap

Protostar is a virtual machine from Exploit Exercises that goes through basic memory corruption issues. This blog post is a continuation from my previous writeups on the stack exploitation and format string exploitation stages of Protostar and will deal with the heap exploitation…