VMWare Workspace ONE Access

author iconBy
Steven Seeley

Intro In 2022, I conducted research against VMWare Workspace ONE Access and was able to find a remote code execution vulnerability triggerable by an authenticated administrator. Although authentication is required, past authentication bypass vulnerabilities have been published. As an aside, if you’re interested in this sort of work, here at Trenchant we perform vulnerability research… Continue reading VMWare Workspace ONE Access

Read More

Two Lines of JScript for $20,000 – Pwn2Own Miami 2022

author iconBy
Ben McBride

Prologue In 2022, Pwn2Own returned to Miami and was again targeting industrial control systems (ICS) software. I had participated in the inaugural Pwn2Own Miami in 2020 and was eager to participate again this year. My previous work included a nice vulnerability against the Iconics Genesis64 Control Server product. That vulnerability allowed a remote attacker to… Continue reading Two Lines of JScript for $20,000 – Pwn2Own Miami 2022

Read More

The Evolution of TCC on Ventura

author iconBy
Michael Cowell

In the surprisingly stable first beta release of macOS Ventura, there are a number of simple yet impactful security enhancements. This blog post will ignore lower-level changes, opting instead to talk about higher level changes that users are likely to interact with, and some of the attacks they’re meant to prevent. The (not so slow)… Continue reading The Evolution of TCC on Ventura

Read More

Expanding the Dragon: Adding an ISA to Ghidra

author iconBy
Tracy Mosley

Ghidra has support for a lot of architectures out of the box. In embedded systems, we often encounter some more nuanced variations than the ISAs already included. This need results in either using a different tool for static reverse engineering, if any exist that support this variant, or implementing a new version in Ghidra. This blog will explain how to expand Ghidra’s support such that switching tools is unnecessary. The implementation of a new processor module includes several Ghidra specific files such as .ldefs, .cspec, .pspec, .sinc, and .slaspec (along with an optional .opinion and a README.txt). There will be a follow on article on compiling, and testing instructions in a new ISA as well.

Read More

Pwn2Own 2021: Parallels Desktop Guest to Host Escape

author iconBy
Ben McBride

Starting A common challenge when approaching a new vulnerability research problem is getting started. This is especially true when there is little prior research and strict time constraints. I was very interested when Parallels Desktop was announced as a new target for the Zero Day Initiative’s Pwn2Own Vancouver 2021 in the virtualization category. It was… Continue reading Pwn2Own 2021: Parallels Desktop Guest to Host Escape

Read More