Blackwing Blog
News and updates from the Blackwing team
While performing a security audit, I discovered a file format vulnerability that took me down an unexpected rabbit hole. The bug was fairly straightforward but what made it interesting was its origin and its variants found across numerous popular projects.
... Read Morecategories:
#Blackwing Intelligence
#Research
tags:
#vulnerability research
#variant analysis
TL;DR
In this post, I introduce a new tool called heapster that allows you to play with macOS libmalloc. I walk you through how to use this tool and a couple strange things I found along the way.
... Read Morecategories:
#Blackwing Labs
#research
tags:
#vulnerability research
#reverse engineering
#tools
#heap
TL;DR
Microsoft’s Offensive Research and Security Engineering (MORSE) asked us to evaluate the security of the top three fingerprint sensors embedded in laptops and used for Windows Hello fingerprint authentication. Our research revealed multiple vulnerabilities that our team successfully exploited, allowing us to completely bypass Windows Hello authentication on all three laptops.
... Read Morecategories:
#Blackwing Labs
#research
tags:
#vulnerability research
#exploit development
#reverse engineering
#cryptography
So, last week the Postgresql group released an update to its popular open-source RDBMS to address a security issue – pretty standard…
This particular update though was pretty highly anticipated, primarily because a week prior to its release the Postgres devs posted a rather ominous message to the pgsql-hackers mailing list (http://www.postgresql.org/message-id/[email protected]) stating that the upcoming release would contain fixes for a security issue that was “sufficiently bad” enough to warrant temporarily closing down access to the public git repository until updated packages were available.
... Read More
categories:
#Blackwing Labs
tags:
#RCE
#Exploits
#Postgresql
1 of 1