Become a Partner
Add OffSec to your list of training providers
Partner with usBlog
Dec 4, 2013
In the past few days there has been some online chatter about a new Windows XP/2k3 privilege escalation, well documented by FireEye. Googling around, we came across a Twitter message which contained a link to a Chinese vulnerability analysis and PoC.
1 min read
In the past few days there has been some online chatter about CVE-2013-5065, a new Windows XP/2k3 privilege escalation, well documented by FireEye. Googling around, we came across a Twitter message which contained a link to a Chinese vulnerability analysis and PoC for CVE-2013-5065.
Due to the fact that the extended instruction pointer is set to 0x00000038 at the time of the crash, this bug can easily be exploited on Windows XP, which offers little resistance, as it allows non-privileged users to map the null page within the context of a user process. From there, it was trivial to produce a fully working exploit, which we will have posted on the Exploit-DB.
To read more about the Microsoft recommendations for dealing with this vulnerability so that you are not unduly exposed.
Enterprise Security
The Fortinet 2024 Skills Gap report shines a light on critical issues that plague the cybersecurity industry. Here are our main takeaways.
Sep 6, 2024
6 min read
Insights
The OffSec team was at the Black Hat USA 2024 conference and we are excited to share our top 5 favorite talks.
Sep 6, 2024
5 min read
We’re sharing all of the important information related to the OSCP+ so you can know what this means for past, current and future learners.
Sep 4, 2024
2 min read