Prologue
In 2022, Pwn2Own returned to Miami and was again targeting industrial control systems (ICS) software. I had participated in the inaugural Pwn2Own Miami in 2020 and was eager to participate again this year. My previous work included a nice vulnerability against the Iconics Genesis64 Control Server product. That vulnerability allowed a remote attacker to… Continue reading Two Lines of JScript for $20,000 – Pwn2Own Miami 2022
In the surprisingly stable first beta release of macOS Ventura, there are a number of simple yet impactful security enhancements. This blog post will ignore lower-level changes, opting instead to talk about higher-level changes that users are likely to interact with, and some of the attacks they’re meant to prevent. The (not so slow)… Continue reading The Evolution of TCC on Ventura
Ghidra has support for a lot of architectures out of the box. In embedded systems, we often encounter some more nuanced variations than the ISAs already included. This need results in either using a different tool for static reverse engineering, if any exist that support this variant, or implementing a new version in Ghidra. This blog will explain how to expand Ghidra’s support such that switching tools is unnecessary. The implementation of a new processor module includes several Ghidra-specific files such as .ldefs, .cspec, .pspec, .sinc, and .slaspec (along with an optional .opinion and a README.txt). There will also be a follow-on article on compiling and testing instructions in a new ISA.
Starting
A common challenge when approaching a new vulnerability research problem is getting started. This is especially true when there is little prior research and strict time constraints. I was very interested when Parallels Desktop was announced as a new target for the Zero Day Initiative’s Pwn2Own Vancouver 2021 in the virtualization category. It was… Continue reading Pwn2Own 2021: Parallels Desktop Guest to Host Escape
As we are celebrating a new decade, as well as ten years of existence, the team of Azimuth Security decided to (re)start a brand new technical blog. This place is meant to deliver high-level technical (and only technical) content!
Welcome to our inaugural blog post! Here at Trenchant, we are focused on doing vulnerability research and associated tooling to aid in those endeavors