Tillmann Oßwald – Insinuator.net

Misc

June 20, 2025 by Tillmann Oßwald

Windows Hello for Business – Past and Present Attacks

Windows Hello for Business is a key component of Microsoft’s passwordless authentication strategy. It enables user authentication not only during system sign-in but also in conjunction with new and advanced features such as Personal Data Encryption, Administrator Protection, and Recall. Rather than depending on traditional passwords, Windows Hello leverages a PIN or biometric methods – such as fingerprint or facial recognition – to unlock cryptographic keys protected by the Trusted Platform Module (TPM).

Continue reading “Windows Hello for Business – Past and Present Attacks”

Misc

May 14, 2024 by Tillmann Oßwald

Linux Character Devices: Exploring systemd-run and pkexec

In this blog post, we quickly look into issues involving character devices. As is typical for Linux, everything is a file, so character devices are referenced as files, such as pseudo terminals (pts) under /dev/pts/. man pty briefly introduces the topic. Essentially, it is used to connect a program, such as a terminal emulator, to a shell. In the end, a pty can read and write like a regular file. A colleague already brought up the topic of ptys and character devices. But more recently a Twitter post and the accompanying advisory piqued my interest.

Continue reading “Linux Character Devices: Exploring systemd-run and pkexec”

Misc

April 16, 2024 by Tillmann Oßwald

BSI Publishes Windows 10 SiSyPHuS Reports: Application Compatibility Infrastructure, Microsoft Defender Antivirus ETW Usage and Device Setup Manager Service

The German Federal Office for Information Security (BSI – Bundesamt für Sicherheit in der Informationstechnik) has published several papers ERNW created as part of the long-term SiSyPHuS Win10-Project. This project focuses on system analysis of selected parts of the Windows 10 operating system performed by ERNW.

Continue reading “BSI Publishes Windows 10 SiSyPHuS Reports: Application Compatibility Infrastructure, Microsoft Defender Antivirus ETW Usage and Device Setup Manager Service”

Breaking, Misc

December 17, 2020 by Tillmann Oßwald

Root Cause Analysis of a Heap-Based Buffer Overflow in GNU Readline

In the last blog post, we discussed how fuzzers determine the uniqueness of a crash. In this blog post, we discuss how we can manually triage a crash and determine the root cause. As an example, we use a heap-based buffer overflow I found in GNU readline 8.1 rc2, which has been fixed in the newest release. We use GDB and rr for time-travel debugging to determine the root cause of the bug.

Continue reading “Root Cause Analysis of a Heap-Based Buffer Overflow in GNU Readline”

Misc

December 3, 2020 by Tillmann Oßwald

How Fuzzers Decide if a Crash is Unique

This blogpost sheds some light on how fuzzers handle crash deduplication and what a unique crash is for a fuzzer. For this, we take a look at two contrived examples and compare the unique crashes identified by AFL++ and honggfuzz.

Continue reading “How Fuzzers Decide if a Crash is Unique”

Building

November 12, 2020 by Tillmann Oßwald

Reversing C++ Without Getting a Heart Attack – DEvirtualize VIrtual Calls With Devi

TLDR: This blogpost presents devi, a tool that can help you devirtualize virtual calls in C++ binaries. It uses Frida to trace the execution of a binary and uncover the call sources and destinations of virtual calls. The collected information can then be viewed in IDA Pro, Binary Ninja, or Ghidra. The plugin adds the respective control-flow edges allowing further analysis (using different plugins) or simply providing more comfort when analyzing C++ binaries.

Continue reading “Reversing C++ Without Getting a Heart Attack – DEvirtualize VIrtual Calls With Devi”

Breaking

October 7, 2020 by Tillmann Oßwald

Vulnerabilities in GNU Readline Fixed

Recently I discovered some vulnerabilities in GNU Readline. These bugs have been fixed in GNU Readline version 8.1.

Continue reading “Vulnerabilities in GNU Readline Fixed”

Events

February 20, 2019 by Tillmann Oßwald

Offensivecon 2019

Hi,

Last week I had the pleasure to attend Offensivecon 2019 in Berlin. The conference was organized very well, and I liked the familial atmosphere which allowed to meet lots of different people. Thanks to the organizers, speakers and everyone else involved for this conference! Andreas posted a one tweet tldr of the first day; fuzzing is still the way to go to find bugs, and mitigations make exploitation harder. Here are some short summaries of the talks I enjoyed.

Continue reading “Offensivecon 2019”

Breaking

November 14, 2018 by Tillmann Oßwald

Multiple Vulnerabilities in Nexus Repository Manager

Recently, we identified security issues in the Nexus Repository Manager software developed by Sonatype. The tested versions were OSS 3.12.1-01 and OSS 3.13.1-01.

The following issues could be identified:

Multiple Cross-Site Scripting (CVE-2018-16619)
Missing Access Controls (CVE-2018-16620)
Java Expression Language Injection (CVE-2018-16621)

Continue reading “Multiple Vulnerabilities in Nexus Repository Manager”

Breaking

October 12, 2018 by Tillmann Oßwald

Multiple Vulnerabilities in UNIFY OpenScape Desk Phone CP600

We recently identified security issues in the UNIFY OpenScape Desk Phone CP600 HFA software. We disclosed the vulnerabilities to Unify, as a fix is now provided we want to give a brief overview of the vulnerability affecting the web interface.

Continue reading “Multiple Vulnerabilities in UNIFY OpenScape Desk Phone CP600”