JEB Unchained
November 14, 2023
By Antonio Fuerte
JEB is a reverse engineering tool that can analyze several file formats, e.g. Siemens Simatic PLC software, Ethereum smart contracts, as well as native code, and Android.
We are going to focus on Android, since JEB is the standard de facto for this platform.
SCUDO HARDENED ALLOCATOR — UNOFFICIAL INTERNALS DOCUMENTATION
September 21, 2023
By Rodrigo Branco
SCUDO is a user-mode memory allocator developed by Google, based on the LLVM Sanitizers’ Combined allocator and with a focus on practical security. Given that SCUDO’s primary objective is security, this article also covers some of the decisions made, trade-offs and limitations.
VMWARE WORKSPACE ONE ACCESS
February 27, 2023
By Steven Seeley
In 2022, I conducted research against VMWare Workspace ONE Access and was able to find a remote code execution vulnerability triggerable by an authenticated administrator. Although authentication is required, past authentication bypass vulnerabilities have been published. As an aside, if you’re interested in this sort of work, here at Trenchant we perform vulnerability research against a wide variety of interesting and challenging targets!
Two lines of JScript for $20,000
September 29, 2022
By Ben McBride
In 2022, Pwn2Own returned to Miami and was again targeting industrial control systems (ICS) software. I had participated in the inaugural Pwn2Own Miami in 2020 and was eager to participate again this year. My previous work included a nice vulnerability against the Iconics Genesis64 Control Server product. That vulnerability allowed a remote attacker to run arbitrary SQL commands using a custom WCF client. This year I was able to win $20,000 by running arbitrary JScript.NET code! This post will describe the process I took and the vulnerability I found.
The Evolution of TCC on Ventura
July 8, 2022
By Michael Cowell
In the surprisingly stable first beta release of macOS Ventura, there are a number of simple yet impactful security enhancements. This blog post will ignore lower-level changes, opting instead to talk about higher level changes that users are likely to interact with, and some of the attacks they’re meant to prevent.
Expanding the dragon: Adding an ISD to ghidra
May 12, 2022
By Tracy Mosley
Ghidra was originally developed by the National Security Agency as a reverse engineering framework, similar to IDA Pro. In 2019 it was released and is now FOSS. It has many processor specifications implemented already, but it is not an exhaustive list. Thus, a new processor module had to be implemented for my particular needs.
PWN2OWN 2021: Parallels Desktop Guest to Host Escape
September 23, 2021
By Ben McBride
A common challenge when approaching a new vulnerability research problem is getting started. This is especially true when there is little prior research and strict time constraints. I was very interested when Parallels Desktop was announced as a new target for the Zero Day Initiative’s Pwn2Own Vancouver 2021 in the virtualization category. It was intriguing to me as there had been little prior research on it. I suspected there would be a wide range of issues in Parallels, so many different approaches would likely succeed. However, the demands for my time and energy, at the time, were particularly onerous. Our second son was due to be born any day! I would need to be focused and purposeful.
Permalink to Modern Attacks on the Chrome Browser : Optimizations and Deoptimizations
February 8, 2021
By Jeremy Fetiveau
As part of the Trenchant team’s daily activities, we keep an eye on code being committed. This is the story of a recent one that caught our attention. First, we are going to discuss the underlying mechanisms before explaining what primitives it gives. During the last years, we’ve seen many JIT bugs get patched.