14 November, 2017

Skeleton in the closet. MS Office vulnerability you didn’t know about

Introduction What is the beginning of a typical research? Any research begins with detecting vulnerabilities with common tools. Although the process does not require much time and effort, it works well. The detection procedure is focused on vulnerabilities in third-party libraries used in outdated software and widely known to the IT community. A developer creates different versions […]
10 November, 2017

How To Cook Cisco

Introduction This white paper is intended to reveal intricacies of Cisco vulnerabilities exploitation. All the information presented in this research is based on our experience and updates other researchers’ experience and knowledge. The very process of exploiting Cisco vulnerabilities depends heavily on a specific vulnerability and a gadget. We encourage you to think of the […]
24 October, 2017

UEFI BIOS holes. So Much Magic. Don’t Come Inside.

Introduction In recent years, embedded software security has become a red-hot topic, attracting the attention of high profile security researchers from all around the globe. However, the quality of code is still far from perfect as far as its security is concerned. For instance, the CVE-2017-5721 SMM Privilege Elevation vulnerability in the firmware could affect […]
12 October, 2017

Hack ATM with an anti-hacking feature and walk away with $1M in 2 minutes

Introduction The Embedi team focuses not only on the security of embedded/smart devices and firmware for computers but also on critical devices, such as ATMs. ATMs consist of various devices with their own firmware. Application Control solutions fall into the type of software that appeals to our interests the most. These are now widely available […]
5 October, 2017

Bypassing Intel Boot Guard

In recent years, there has been increasing attention to UEFI BIOS security. As a result, more advanced technologies have been created to protect UEFI BIOS from illegal modifications. One such technology is Intel Boot Guard (BG) – a hardware-assisted BIOS integrity verification mechanism available since the Haswell microarchitecture (2013). So-called «UEFI rootkits killer» this […]
12 September, 2017

Enlarge your botnet with: top D-Link routers (DIR8xx D-Link routers cruisin’ for a bruisin’)

In this article, we are going to discuss vulnerabilities detected in the top D-Link routers: DIR890L, DIR885L, DIR895L, and other DIR8xx D-Link routers cruising for a bruising. The devices use the same code, thus giving attackers a magnificent and quite tempting opportunity to add them to a botnet. Moreover, we have managed to make […]