Happy New Year – 2018

Happy new year everyone!

Hope you had the chance to celebrate and think about all the good things that happened to you in 2017.

We have a nice surprise for you – this link is worth 1,000$ USD!*

*You don’t need to hack the website, the money is out there in the link*

We also have some new updates for you:

beVX Conference

Beyond Security with VX will hold the first all-offensive security conference in Hong Kong – beVX Conference.

The conference will take place in Hong Kong (we will announce the venue in the next couple of weeks).

What will we have at the conference?

  • One full day of workshop on vulnerability research and exploit development
  • One full day of lectures on vulnerability research and exploit development
  • Hack2Win eXtreme with hundreds of thousands of dollars of prizes

Stay tuned for more details!

Conferences:

  • Offensivecon (Berlin, Germany, 16-17 February 2018)
  • CanSecWest (Vancouver, Canada, 14-16 March 2018)
  • Nopcon (Istanbul, Turkey, 3 May 2018)

We provide free entry tickets and up to 1000$ in flights and accommodation to our security researcher community!

Also, if you plan to attend (and even if you don’t need the ticket or reimbursement) let me know so that I can look for you and say hello.

If any of you guys are interested in attending, drop me an email.

We have also started to look for 2018 Q2 conferences. If you know about an interesting conference – email me.

Friend refer a friend program
We had a great 2017 with our friends program and have therefore decided to improve it and make the benefit much bigger: if you refer a new researcher to us and they start working with us on Operating systems / Mobile / Web Browsers – you will get 10,000$ USD.

For other vulnerabilities – you will get 1,000$ USD.

Once again – Happy new year!

SSD Advisory – D-Link DSL-6850U Multiple Vulnerabilities

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom
See our full scope at: https://blogs.securiteam.com/index.php/product_scope

Vulnerabilities Summary
The following advisory describes two (2) vulnerabilities found in D-Link DSL-6850U versions BZ_1.00.01 – BZ_1.00.09.

D-Link DSL-6850U is a router “manufactured by D-Link for Bezeq in Israel”.

The vulnerabilities found are:

  • Default Credentials
  • Remote Command Execution

Credit
An independent security researcher has reported these vulnerabilities to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
Bezeq was informed of the vulnerability on June 9, and released patches to address these vulnerabilities.

SSD Advisory – vBulletin routestring Unauthenticated Remote Code Execution

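Vulnerability Summary
The following advisory describes an unauthenticated file inclusion vulnerability found in vBulletin 5; successful exploitation of this vulnerability can lead to remote code execution.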

SSD Advisory – Kingsoft Antivirus/Internet Security 9+ Privilege Escalation

Vulnerability Summary
The following advisory describes a kernel stack buffer overflow that leads to privilege escalation found in Kingsoft Antivirus/Internet Security 9+.

Kingsoft Antivirus “provides effective and efficient protection solution at no cost to users. It applies cloud security technology to monitor, scan and protect your systems without any worrying. The comprehensive defender and anti-virus tools prevent and protect your computer from unwanted virus, worms, and Trojans. With the simplest and easiest-to-use functions, users find themselves no difficulty to handle Kingsoft Antivirus.”

Credit
An independent security researcher, Steven Seeley, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
We have tried to contact Kingsoft since October 8, 2017; repeated attempts to establish contact went unanswered. At this time there is no solution or workaround for this vulnerability.