David WellsinTenable TechBlogInteger Overflow to RCE — ManageEngine Asset Explorer Agent (CVE-2021–20082)A couple months back, Chris Lyne and I had a look at ManageEngine ServiceDesk Plus. This product consists of a server / agent model in…Aug 17, 20211Aug 17, 20211
David WellsinTenable TechBlogPsExec Local Privilege EscalationSo…this one’s been here for a while: a local privilege escalation vulnerability in PsExec. This local privilege escalation allows a…Dec 9, 20203Dec 9, 20203
David WellsinTenable TechBlogAndroid MX Player — Path Traversal to Code ExecutionMX Player is an Android App that you can find on the Google Play Store, having over 500M downloads.Jul 9, 2020Jul 9, 2020
David WellsinTenable TechBlogExploiting a Webroot Type Confusion BugRemotely Leaking Antivirus MemoryJun 15, 2020Jun 15, 2020
David WellsinTenable TechBlogTurning Signal App into a Coarse Tracking DeviceSignal Private Messenger’s ease of use, multiplatform support, and end-to-end encryption for both text and calls have attracted millions…May 20, 20202May 20, 20202
David WellsinTenable TechBlogBypass Windows 10 User Group Policy (and more) with this One Weird TrickI‘m going to share an (ab)use of a Windows feature which can result in bypassing User Group Policy (as well as a few other interesting…Feb 18, 20206Feb 18, 20206
David WellsinTenable TechBlogLet’s Reverse Engineer DiscordHow we reverse engineered Discord’s call protocol and found it being MITM-ed by Discord.Jan 12, 20205Jan 12, 20205
David WellsinTenable TechBlogKernel Write-What-Where in Qualcomm Driver == LPEREADMESep 4, 2019Sep 4, 2019
David WellsinTenable TechBlogCOModo: From Sandbox to SYSTEM (CVE-2019–3969)Antivirus (AV) is a great target for vulnerability hunting: Large attack surface, complex parsing, and various components executing with…Jul 22, 20192Jul 22, 20192
David WellsinTenable TechBlogAPI Series: SetThreadContextA great way to learn any operating system (OS) is studying the OS’s APIs. Today we will be looking at SetThreadContext, a powerful and…Jun 17, 2019Jun 17, 2019