ALPC Task Scheduler 0-Day

Adam Nichols

On Monday (August 27, 2018), a Local Privilege Escalation (LPE) 0-day was released which reportedly affects Windows 10 and Server 2016, at a minimum. We investigated it to understand the vulnerability and the current Proof of Concept (PoC) exploit, and wanted to write it up in terms that explain the actual risk to organizations.

Heap overflow in the necp_client_action syscall

GRIMM

One of the things that is important to us at GRIMM is making sure there is time to experiment and explore new ways of approaching problems. We want to answer the big questions like “How can we find vulnerabilities that other tools and manual analysis have overlooked?” This is what we are passionate about. So when one of our engineers has an idea for a new fuzzer, we try to make time for them to put their idea to the test.

A Three-Step Approach to Threats: What All Organizations Should Know (but Equifax Doesn’t)

Bryson Bort

Within the context of historical cyber breaches, this can be classified as a massive attack: Equifax, one of the “big three” credit-rating agencies, announced earlier this month that hackers gained access to the Social Security numbers, credit card data, driver’s licenses, home addresses and other personally identifiable information (PII) of up to 143 million Americans. Some two-dozen class-action lawsuits (and counting?) followed, along with stinging criticism from consumer groups and congressional leaders.