Video: Illumant Demo – Hacking Check Point ZoneAlarm Anti-Virus (step-by-step)
Demonstration of the Check Point ZoneAlarm anti-virus exploit in action.
Local Exploitation of WCF Services within ZoneAlarm Anti-Virus Software to Escalate Privileges
General Overview
Illumant has discovered a critical vulnerability in Check Point’s ZoneAlarm anti-virus software. This vulnerability allows a low-privileged user to escalate to SYSTEM-level privileges. A service endpoint within ZoneAlarm exposes powerful functionality, including the ability to start new processes as SYSTEM. Efforts …
Introduction
Illumant has discovered a critical vulnerability in Check Point’s ZoneAlarm anti-virus software. This vulnerability allows a low-privileged user to escalate privileges to SYSTEM-level with the anti-virus software enabled. The vulnerability is due to insecure implementation of inter-process communications within the ZoneAlarm application itself, which allows a low-privilege user to inject and execute code by …
Vulnerability affects Check Point Anti-Virus (ZoneAlarm), allows standard users to escalate to highest privilege level and highlights lesser-known class of vulnerabilities (“OwnDigo”) resulting from insecure process communications using Windows Communication Foundation (WCF).
There are many firms to choose from. How can you tell one from another?
Today we’ll talk about how to take ownership of a server running a default install of JBOSS 4.2.3.GA by hand using CVE-2010-0738. Why are we talking about exploiting such an old vulnerability? Well, one reason is because it’s fun! Another is that we still see these types of installs on real-life engagements! Finally, there …
We recently encountered a Solar Winds Firewall Security Manager (soon to be EOL) during an internal assessment. The vulnerability scan reported a source code disclosure vulnerability related to the underlying Java application server Jetty 6.1. While following up on this we stumbled upon a public exploit for CVE-2015-2284, “userlogin.jsp in SolarWinds Firewall Security Manager (FSM) before 6.6.5 HotFix1 allows remote attackers to gain privileges and execute arbitrary code”.
Probably 9 out of 10 people reading this think that username enumeration is not a big deal. But what if I told you that you could do total pwnage against a big corporation, obtain Domain Administrator credentials, take total control of their network, and do it all remotely just because they have a username enumeration vulnerability …
As a provider of security solutions, services, and research, ILLUMANT takes security issues very seriously. It is our policy to work and coordinate with other vendors with regard to discovered vulnerabilities, with the intention of keeping users and customers safe. This document will share our process for disclosure.
Outreach
ILLUMANT will reach out to the …