Respect in Security
At Vonahi Security, we believe everyone deserves to be supported and encouraged to be a unique individual. We strive to create a welcoming and inclusive environment for all, driven by behavior that shows empathy, respect, and care for others. We stand by the Respect in Security pledge.
SrClient DLL Hijacking: a Windows Server 2012 0-day that won't be patched
This blog post discusses a DLL hijacking vulnerability affecting all versions of Windows Server 2012 (but not Server 2012 R2). This 0-day vulnerability can be exploited for privilege escalation by any regular user and does not require a system reboot, yet it will not be patched by Microsoft.
When the PATH to SYSTEM is wide open: Philips SmartControl DLL hijacking (CVE-2020-7360)
Earlier this year our threat researcher found a DLL hijacking flaw affecting Philips SmartControl (CVE-2020-7360). Our latest blog post combines a write-up of this vulnerability with a general introduction to DLL hijacking for infosec students.