Latest Posts

AnyConnect Inter-Process Communication

In my first deep dive into the Cisco AnyConnect (CAC) Secure Mobility Client (see AnyConnect Elevation of Privileges Part 1 and Part 2), I reverse engineered how CAC makes use of a TCP-based Inter-Process Communication (IPC) protocol. Based on that research, I found a Local Privilege Escalation (LPE) vulnerability (see CVE-2016-9192 and the proof-of-concept code). Yorick Koster and Antoine Goichot followed suit and, building on that research, found further vulnerabilities (see CVE-2020-3153, CVE-2020-3433, CVE-2020-3434, and CVE-2020-3435). This post presents the results of my second deep dive: it corrects a wrong conclusion about the protocol, further reverse engineers the various IPC messages, and provides some tools that can potentially aid further research.


Freedom and Solitude

The freedom of not having to account for someone else's needs, wants and feelings, has the cost of solitude.

Image via Pexels @ Pixabay

Raspberry Pi Custom Fedora Kernel

Over the years I have gotten very used to Red Hat Enterprise Linux (RHEL) type distributions, and for a long time now Fedora has been my default go-to Linux distribution. However, I needed a specific driver that comes out of the box with Raspbian (Raspberry Pi's Debian-based distribution) but does not ship with Fedora. This post explains how to compile a custom kernel on a Pi running Fedora.


Latest Projects

CAC IPC

Cisco AnyConnect (CAC) makes use of a TCP-based Inter-Process Communication (IPC) protocol between its components. This project provides a Wireshark dissector for that protocol and a tool to generate syntactically valid IPC packets.

GPO Bypass

This utility allows you to bypass Group Policy-enforced controls on Firefox (as an example); specifically, it allows you to still install add-ons even if installation has been disabled through GPOs. This tool only supports 64-bit versions of Firefox.
