Today we’re excited to release an open-source version of iVerify! iPhone users now have an easy way to ensure their phones are free of malware. iVerify validates the integrity of supported iOS devices and detects modifications that malware or jailbreaking would make, without the use of signatures. It runs at boot-time and thoroughly inspects the […]
We interrupt our regularly scheduled programming to bring you an important announcement: On Thursday, June 6th, just in time for SummerCon, we will be hosting a free Ruby Security Workshop in NYC! Signups are first-come, first-serve and we only have space for 30 people. Sign up here and we will email the selected participants the location […]
In the final part of our three-part series, we investigate the how the toolkit user gained control of program flow and what their strategy means for the reliability of their exploit. Elderwood and the Department of Labor Hack Writing Exploits with the Elderwood Kit (Part 1) Writing Exploits with the Elderwood Kit (Part 2) Last time, […]
In the second part of our three-part series, we investigate the tools provided by the Elderwood kit for developing exploits from discovered vulnerabilities. Elderwood and the Department of Labor Hack Writing Exploits with the Elderwood Kit (Part 1) Writing Exploits with the Elderwood Kit (Part 2) Several mitigations must be avoided or bypassed in order […]
Recently, the Department of Labor (DoL) and several other websites were compromised to host a new zero-day exploit in Internet Explorer 8 (CVE-2013-1347). Researchers noted similarities between this attack and earlier ones attributed to Elderwood, a distinct set of tools used to develop several past strategic website compromises. We have not, however, identified any evidence […]
