Netanel Ben Simon

New story about the MORSE security research team at Microsoft featuring @metr0 @piazzt Money Mitch and other folks...check it out news.microsoft.com/innovation-sto…

[CPR-Zero] Multiple vulnerabilities in OMX ALAC decoder affecting Android devices based on MediaTek and Qualcomm chipsets that can lead to LPE and RCE via malformed audio file. cpr-zero.checkpoint.com/vulns/cprid-21… cpr-zero.checkpoint.com/vulns/cprid-21… cpr-zero.checkpoint.com/vulns/cprid-21…

Wrote an article about #fuzzing the Linux kernel network stack externally with #syzkaller. The article covers: 🧰 Introduction to syzkaller 💉 Using TUN/TAP for packet injection 👽 Integrating TUN/TAP via pseudo-syscalls 🏆 Showcases of found bugs xairy.io/articles/syzka…

Today Wiz Research (@shirtamari, @nirohfeld, @ronenshh and myself) published details on #ExtraReplica, a severe vulnerability that allowed anyone to access the databases of other #Azure customers. Here’s how we did it: 🧵 (1/n) wiz.io/blog/wiz-resea…

We (+@nirohfeld) just released the full technical blogpost regarding #ChaosDB - which we also presented today at #BlackHatEurope wiz.io/blog/chaosdb-e…

Do you like reading books? Then you’ll love hacking Amazon’s Kindle. youtu.be/BtpGVa7FaXo Read all the technical details here: research.checkpoint.com/2021/i-can-tak…

[CPR-Zero] CVE-2021-31179 (Outlook, Office): Improper parsing of TLV records leading to Use-After-Free and Heap Corruption in graph.exe cpr-zero.checkpoint.com/vulns/cprid-21…

[CPR-Zero] CVE-2021-31178 (Outlook, Office): Integer Underflow leading to Stack-based Out of Bound Read in graph.exe cpr-zero.checkpoint.com/vulns/cprid-21…

[CPR-Zero] CVE-2021-31174 (Outlook, Office): Stack-based Out of Bound Read in graph's data stream parsing code in graph.exe cpr-zero.checkpoint.com/vulns/cprid-21…

[CPR-Zero] CVE-2021-31939 (Outlook, Office): Use-After-Free in graph data parsing code in graph.exe cpr-zero.checkpoint.com/vulns/cprid-21…

We have recently discovered 4 security issues applicable in most MS-Office products. Read all the details here: research.checkpoint.com/2021/fuzzing-t… cc @sagitz_ @NetanelBenSimon

Woohoo! research.checkpoint.com/2021/fuzzing-t… "Another great feature of Jackalope is that it is easily customizable and hackable. The process of adding a custom mutator to the fuzzer was pretty straight-forward and increased our fuzzing effectiveness with very little development cost."

@ifsecure 10/10 will use Jackalope again :)

Our researchers found that CVE-2017-0005, a 0-Day attributed to the Chinese APT31, is a replica of an Equation Group 0-Day, that was caught and repurposed by APT31 during 2014, 3 years before the Shadow Brokers leak. Read the complete story on our blog. research.checkpoint.com/2021/the-story…

Nostalgic hacking session with @NetanelBenSimon MapleStory v83 Private Server cheats 95% python, 5% asm, 100% fun :)

Gamers Beware We recently turned our eyes to a major networking library used by a sizeable chunk of online gaming - Valve’s "Steam Sockets". Here is our report on the library, and the vulnerabilities we found in it. research.checkpoint.com/2020/game-on-f…

[CPR-Zero] CVE-2020-1310 (Windows 8.1/10 Kernel): Use-After-Free in win32k.sys triggered from Desktop Window Manager cpr-zero.checkpoint.com/vulns/cprid-21…

[CPR-Zero] CVE-2020-1247 (Windows 10 Kernel): Out-Of-Bounds Read\Write in the StrechBlt function in win32kfull.sys cpr-zero.checkpoint.com/vulns/cprid-21…

CVE-2020-1350: A cool Windows DNS Server vulnerability (2003->2019) we found at @_CPResearch_ and got patched today #PatchTuesday research.checkpoint.com/2020/resolving…

We discovered a 17-year-old vulnerability in all of Windows DNS Servers. SIGRed (CVE-2020-1350) is a wormable, critical vulnerability that can be used to achieve full Domain Administrator privileges. research.checkpoint.com/2020/resolving…