Blog

CVE-2022-43293 - Wacom Driver Arbitrary File Write-Overwrite Vulnerability

2023-04-07

In this post I describe in detail how I found a logical vulnerability that affects the Wacom Driver 6.3.46-1.
Next, I describe how it's possible to exploit it to gain an Arbitrary File Write-Overwrite primitive.
Finally, I show how it's possible to exploit the primitive to cause a persistent Windows Denial of Service.


CVE-2022-38604 - Wacom Driver Arbitrary File Deletion Vulnerability

2023-04-07

In this post I describe in detail how I found a logical vulnerability that affects the Wacom Driver 6.3.46-1.
Next, I describe how it's possible to exploit it to gain an Arbitrary File Deletion primitive.
Finally, I show how it's possible to exploit the primitive to escalate privileges in the context of NT AUTHORITY\SYSTEM or cause a persistent Windows Denial of Service.


ZDI-CAN-16857 - Wacom Driver Local Privilege Escalation Vulnerability

2023-04-03

In this post I describe in detail how I found a logical vulnerability that affects the Wacom Driver 6.3.46-1.
Next, I describe how it's possible to exploit it to escalate privileges in the context of NT AUTHORITY\SYSTEM.


ZDI-CAN-16318 - Wacom Driver Arbitrary File Read\Write Vulnerability (3\3)

2023-04-02

In this post I give yet another (last but not least) point of view on the logical vulnerability that affects the Wacom Driver 6.3.45-1.
Next, I describe how it's possible to exploit it to gain an Arbitrary File Read\Write primitive.
Finally, I show how it's possible to exploit the primitive to overwrite sensitive data.


ZDI-CAN-16318 - Wacom Driver Arbitrary File Read Vulnerability (2\3)

2023-04-02

In this post I give another point of view on the logical vulnerability that affects the Wacom Driver 6.3.45-1.
Next, I describe how it's possible to exploit it to gain an Arbitrary File Read primitive.
Finally, I show how it's possible to exploit the primitive to read sensitive data.


ZDI-CAN-16318 - Wacom Driver Local Privilege Escalation Vulnerability (1\3)

2023-04-02

In this post I describe in detail how I found a logical vulnerability that affects the Wacom Driver 6.3.45-1.
Next, I describe how it's possible to exploit it to escalate privileges in the context of NT AUTHORITY\SYSTEM.


Instagram Post Finder (IGPF)

2023-03-23

Since the official Instagram app, at the time of writing, doesn't allow searching the public posts of an Instagram user by keyword (in my case I needed to search through my Instagram posts by hashtag), I decided to develop an app for Android devices that can do this.
The app can be downloaded by anyone who needs it; it's public, open source and free 😉


CVE-2023-23396 - Microsoft Excel Denial of Service Vulnerability

2023-03-16

In this post I describe in detail how I found a vulnerability that affects Microsoft Excel for Microsoft 365 MSO (Version 2202 Build 16.0.14931.20858 64-bit).
Next, I describe how it's possible to exploit it to cause an Excel Denial of Service and a Windows memory exhaustion.


AntiAlexa - Solving Amazon's digital assistants problem

2021-03-03

In this post I talk about a tedious problem with Amazon's digital assistants that occurs when they're used as Bluetooth speakers.
I show what the cause of the problem is and how to fix it in Windows operating systems, through a simple program that I've developed and made available in my GitHub repository.


Exploiting TOCTOU vulnerability using OpLock and Junctions

2021-01-29

In this post I talk about the Time-Of-Check Time-Of-Use (TOCTOU) vulnerability, opportunistic locks (OpLocks), junctions and race conditions.
In particular, I show, through my simple POCs, how to apply the concepts seen to exploit a target program affected by a TOCTOU vulnerability.
Finally, I make some comments on how it is possible to apply these concepts to obtain an Elevation of Privilege (EoP).


DLL Hijacking using DLL Proxying technique

2021-01-15

In this post I talk about DLL hijacking, why it is used and what the techniques to practice it are.
In particular, among the various possible techniques, I focus on the DLL Proxying Technique.
Finally, through a practical example, I show how to apply the concepts seen on a target application DLL.