Author: Tyler Reguly
This one took a bit longer to read than most of the books we review, but that’s entirely on me… everyone else finished it a while ago. This time around, we’re looking at How to Hack Like a Legend: Breaking Windows by Sparc Flow. The No Starch Press page says that the book is “packed with interesting tricks, ingenious tips, and links to useful resources to give you a fast-paced, hands-on guide to penetrating and bypassing Microsoft security systems.” The content of the book is quite interesting, and it covers a number of topics including AMSI, Microsoft Advanced Threat Analytics, Kerberoasting...
Today’s VERT Alert addresses Microsoft’s May 2023 Security Updates, which include a new release notes format. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1055 on Wednesday, May 10th. In-The-Wild & Disclosed CVEs CVE-2023-29336 Up first this month is a vulnerability reported by Avast in Win32k. This vulnerability could allow an authenticated attacker to elevate their privileges to SYSTEM. This vulnerability has seen active exploitation. CVE-2023-24932 This vulnerability allows an attacker with physical access or Administrative rights to install a boot...
Today’s VERT Alert addresses Microsoft’s April 2023 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1050 on Wednesday, April 12th. In-The-Wild & Disclosed CVEs CVE-2023-28252 A vulnerability in the Common Log File System (CLFS) Driver has been exploited in-the-wild. CLFS provides a general-purpose logging service to other software via the Microsoft Windows SDK. Successful exploitation of this vulnerability would lead to an attacker gaining SYSTEM access. Kaspersky has provided a detailed analysis of an attack that utilized this...
Today’s VERT Alert addresses Microsoft’s March 2023 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1046 on Wednesday, March 15th. In-The-Wild & Disclosed CVEs CVE-2023-24880 Up first this month is a publicly disclosed and exploited vulnerability impacting Windows SmartScreen. SmartScreen prompts you when running certain files downloaded from the Internet to warn you that you should exercise caution before proceeding. SmartScreen is able to do this using the zone identifier Alternate Data Stream (ADS) or Mark of the Web. When the Zone...
Today’s VERT Alert addresses Microsoft’s February 2023 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1042 on Wednesday, February 15th. In-The-Wild & Disclosed CVEs CVE-2023-21823 The first vulnerability in the list this week is CVE-2023-21823, a vulnerability in Windows Graphic Component that can allow for code execution leading to SYSTEM privileges. Updates are available for all supported versions of Windows as well as Microsoft Office for iOS, Android, and Universal. Microsoft Office for Universal is a version of Microsoft Office...
For most people, January 28th is the 28th day of the year. For me, January 28th is more commonly known as “the day before my wife’s birthday.” For those who pay attention to history, they may know it as the day of Charlemagne’s death, Edward VI’s ascension to the throne, the founding of Northwestern University, the birth of the US Coast Guard, the adoption of the current Canadian Flag, the first televised appearance of Elvis, the explosion of the Space Shuttle Challenger, or the patenting of Lego bricks. For others, including many readers of this article, it is known as Data Privacy Day. It is...
Today’s VERT Alert addresses Microsoft’s January 2023 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1037 on Wednesday, January 11th. In-The-Wild & Disclosed CVEs CVE-2023-21549 A vulnerability in the SMB Witness Service was reported by two Akamai researchers, Stiv Kupchik and Ophir Harpaz. The vulnerability allows for a privilege elevation on a server by executing a malicious RPC call, allowing the attacker access to RPC functions normally restricted to privileged accounts. Akamai has been performing a lot of RPC research over the...
Have you ever picked up a book, thinking that you’ll put everything else aside and dive in, but a month later, the book is still sitting unread on your shelf? That’s what happened to me this year. Back in June, our research team started reading Hacking APIs: Breaking Web Application Programming Interfaces by Corey Ball together and it turns out the summer kept us all pretty busy, then the fall kept me pretty busy and there was just no time to finish the book. It took a Canadian winter for me to finally sit down and read Hacking APIs. My first thought? Why didn’t someone tell me to read this...
Today’s VERT Alert addresses Microsoft’s October 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1025 on Wednesday, October 12th. In-The-Wild & Disclosed CVEs CVE-2022-41033 A vulnerability in the Windows COM+ Event System service could allow malicious individuals to obtain SYSTEM level access on all supported versions of...
The post VERT Threat Alert: October 2022 Patch Tuesday Analysis appeared first on The State of Security.