About Javier Gil

So far Javier Gil has created 4 blog entries.

Exploiting Word: CVE-2017-11826

By |11 Dec. 2017|

Coinciding with the beginning of a Red Team APT simulation engagement, Microsoft issued a patch fixing some vulnerabilities (CVE-2017-11826) affecting MS Office. The patch, which fixed a memory corruption bug, was first published on October 10th. On October 11th, Qihoo 360 Core Security reported having found malware exploiting said vulnerability during the previous month. Given the existence of public malware samples exploiting this vulnerability and the time lapse between the release of the patch and it being applied, it was decided to begin the engagement by exploiting this vulnerability. In this post we will briefly describe the contents of the Word exploit sample, and we will explain how we can modify it to our benefit, ...


Fuzzing Tales 0x01: Yadifa DNS

By |19 Sep. 2017|

Part of the duties of the RedTeam at Tarlogic consists of hunting for vulnerabilities in software that may be used by our clients. In this case, we have spent some time fuzzing several DNS servers. Specifically, in this post we are going to describe the adaptation and fuzzing of yadifa 2.2.5, as well as how to triage a simple bug we found (DoS, CVE-2017-14339). This is the post's roadmap:

Study and adaptation of yadifa's source code to optimize the fuzzing process with AFL
Setting up the environment for AFL
Brief description of the DNS protocol
Triaging a hang

Study and adaptation of yadifa's source code to optimize the fuzzing process with AFL

One of the several DNS servers ...
