Nytro Posted July 29, 2014 Report Posted July 29, 2014 Symantec Endpoint Protection 0dayIn a recent engagement, we had the opportunity to audit a leading Antivirus Endpoint Protection solution, where we found a multitude of vulnerabilities. Some of these made it to CERT, while others have been scheduled for review during our upcoming AWE course at Black Hat 2014, Las Vegas. Ironically, the same software that was meant to protect the organization under review was the reason for its compromise. We’ll be publishing the code for this privilege escalation exploit in the next few days. In the meantime, you can check out our demo video of the exploitation process – best viewed in full screen. [h=5]More shameless Kali Dojo plugs[/h] If you’re attending the Black Hat, Brucon or Derbycon 2014 conferences, don’t forget to come by our free Kali Dojo Workshops for some serious Kali Linux fu. See you there!Sursa: http://www.offensive-security.com/vulndev/symantec-endpoint-protection-0day/ Quote
yo20063 Posted July 31, 2014 Report Posted July 31, 2014 When you use antivirus to elevate privileges....so much win! Quote
