Category: Keen Security Lab Blog

TenSec 2019

Tencent Security Conference (TenSec) is an international cybersecurity summit launched by Tencent Security, hosted by Tencent Keen Security Lab and Tencent Security Platform Department, and co-organized by Tencent Security Academy. This article has been indexed from Keen Security Lab Blog…

Exploiting Wi-Fi Stack on Tesla Model S

In the past two years, Keen Security Lab did in-depth research on the security of Tesla Cars and presented our research results on Black Hat 2017 and Black Hat 2018. Our research involves many in-vehicle components. We demonstrated how to…

Tencent Keen Security Lab joins GENIVI Alliance

Tencent Keen Security Lab (Keen Lab) has joined the GENIVI Alliance, a non-profit alliance focused on delivering open source, in-vehicle infotainment (IVI) and connected vehicle software. This article has been indexed from Keen Security Lab Blog Read the original article:…

TenSec 2019

Tencent Security Conference (TenSec) is an international cybersecurity summit launched by Tencent Security, hosted by Tencent Keen Security Lab and Tencent Security Platform Department, and co-organized by Tencent Security Academy. This article has been indexed from Keen Security Lab Blog…

Exploiting Wi-Fi Stack on Tesla Model S

In the past two years, Keen Security Lab did in-depth research on the security of Tesla Cars and presented our research results on Black Hat 2017 and Black Hat 2018. Our research involves many in-vehicle components. We demonstrated how to…

Tencent Keen Security Lab joins GENIVI Alliance

Tencent Keen Security Lab (Keen Lab) has joined the GENIVI Alliance, a non-profit alliance focused on delivering open source, in-vehicle infotainment (IVI) and connected vehicle software. This article has been indexed from Keen Security Lab Blog Read the original article:…

TenSec 2019

Tencent Security Conference (TenSec) is an international cybersecurity summit launched by Tencent Security, hosted by Tencent Keen Security Lab and Tencent Security Platform Department, and co-organized by Tencent Security Academy. Over the last three years, we have invited the top…

Tencent Keen Security Lab joins GENIVI Alliance

Tencent Keen Security Lab (Keen Lab) has joined the GENIVI Alliance, a non-profit alliance focused on delivering open source, in-vehicle infotainment (IVI) and connected vehicle software. About GENIVI The GENIVI Alliance[1] develops standard approaches for integrating operating systems and middleware…

TenSec 2019

Tencent Security Conference (TenSec) is an international cybersecurity summit launched by Tencent Security, hosted by Tencent Keen Security Lab and Tencent Security Platform Department, and co-organized by Tencent Security Academy. This article has been indexed from Keen Security Lab Blog…

Exploiting Wi-Fi Stack on Tesla Model S

In the past two years, Keen Security Lab did in-depth research on the security of Tesla Cars and presented our research results on Black Hat 2017 and Black Hat 2018. Our research involves many in-vehicle components. We demonstrated how to…

Tencent Keen Security Lab joins GENIVI Alliance

Tencent Keen Security Lab (Keen Lab) has joined the GENIVI Alliance, a non-profit alliance focused on delivering open source, in-vehicle infotainment (IVI) and connected vehicle software. This article has been indexed from Keen Security Lab Blog Read the original article:…

TenSec 2019

Tencent Security Conference (TenSec) is an international cybersecurity summit launched by Tencent Security, hosted by Tencent Keen Security Lab and Tencent Security Platform Department, and co-organized by Tencent Security Academy. Over the last three years, we have invited the top…

Exploiting Wi-Fi Stack on Tesla Model S

In the past two years, Keen Security Lab did in-depth research on the security of Tesla Cars and presented our research results on Black Hat 2017 and Black Hat 2018. Our research involves many in-vehicle components. We demonstrated how to…

Tencent Keen Security Lab joins GENIVI Alliance

Tencent Keen Security Lab (Keen Lab) has joined the GENIVI Alliance, a non-profit alliance focused on delivering open source, in-vehicle infotainment (IVI) and connected vehicle software. About GENIVI The GENIVI Alliance[1] develops standard approaches for integrating operating systems and middleware…

Vulnerability Research is a Journey: CVEs Found by KeenLab

Partly estimated, until May 2016, KeenLab has totally found 152 critical vulnerabilities with CVE IDs, ranging from mainstream OS to browsers and applications Among those vulnerabilities we discovered, 13 was used directly in our 8 Pwn2Own winner categories in the…

Emerging Defense in Android Kernel

There was a time that every Linux kernel hacker loves Android. It comes with a kernel from stone-age with merely any exploit mitigation. Writing exploit with any N-day available was just a walk in the park.Now a days Google, ARM…

WindowServer: The privilege chameleon on macOS (Part 1)

When talking about Apple Graphics, the WindowServer component should not be neglected. Rencently KeenLab has been talking about Apple graphics IOKit components at POC 2015 “OS X Kernel is As Strong as its Weakest Part“, CanSecWest 2016 “Don’t Trust Your…

WindowServer: The privilege chameleon on macOS (Part 2)

From my last blog post “WindowServer: The privilege chameleon on macOS (Part 1)”, we discussed some basic concepts, the history and architecture of WindowServer, as well as the details of CVE-2016-1804 – A Use-After-Free (Or we can also call it…

Car Hacking Research: Remote Attack Tesla Motors

With several months of in-depth research on Tesla Cars, we have discovered multiple security vulnerabilities and successfully implemented remote, aka none physical contact, control on Tesla Model S in both Parking and Driving Mode. It is worth to note that…

A Link to System Privilege

A Detailed Description of CVE-2016-0176 and Its Exploitation Essentials of a Successful Pwn of Microsoft Edge A successful Pwn of Microsoft Edge consists of two essential parts: Browser RCE(Remote Code Execution) and browser sandbox bypass. Browser RCE is typically achieved…

A bunch of Red Pills: VMware Escapes

Background VMware is one of the leaders in virtualization nowadays. They offer VMware ESXi for cloud, and VMware Workstation and Fusion for Desktops (Windows, Linux, macOS).The technology is very well known to the public: it allows users to run unmodified…

TenSec 2018

Tencent Security Conference (TenSec) is an international cybersecurity summit launched by Tencent Security, hosted by Tencent Keen Security Lab and Tencent Security Platform Department, and co-organized by Tencent Security Academy. TenSec 2018 will be held on October 10 and 11,…

Exploiting iOS 11.0-11.3.1 Multi-path-TCP:A walk through

Introduction The iOS 11 mptcp bug (CVE-2018-4241) discovered by Ian Beer is a serious kernel vulnerability which involves a buffer overflow in mptcp_usr_connectx that allows attackers to execute arbitrary code in a privileged context. Ian Beer attached an interesting piece…

TenSec 2019

Tencent Security Conference (TenSec) is an international cybersecurity summit launched by Tencent Security, hosted by Tencent Keen Security Lab and Tencent Security Platform Department, and co-organized by Tencent Security Academy. Over the last three years, we have invited the top…

Exploiting Wi-Fi Stack on Tesla Model S

In the past two years, Keen Security Lab did in-depth research on the security of Tesla Cars and presented our research results on Black Hat 2017 and Black Hat 2018. Our research involves many in-vehicle components. We demonstrated how to…

Tencent Keen Security Lab joins GENIVI Alliance

Tencent Keen Security Lab (Keen Lab) has joined the GENIVI Alliance, a non-profit alliance focused on delivering open source, in-vehicle infotainment (IVI) and connected vehicle software. About GENIVI The GENIVI Alliance[1] develops standard approaches for integrating operating systems and middleware…

Vulnerability Research is a Journey: CVEs Found by KeenLab

Partly estimated, until May 2016, KeenLab has totally found 152 critical vulnerabilities with CVE IDs, ranging from mainstream OS to browsers and applications Among those vulnerabilities we discovered, 13 was used directly in our 8 Pwn2Own winner categories in the…

Emerging Defense in Android Kernel

There was a time that every Linux kernel hacker loves Android. It comes with a kernel from stone-age with merely any exploit mitigation. Writing exploit with any N-day available was just a walk in the park.Now a days Google, ARM…

WindowServer: The privilege chameleon on macOS (Part 1)

When talking about Apple Graphics, the WindowServer component should not be neglected. Rencently KeenLab has been talking about Apple graphics IOKit components at POC 2015 “OS X Kernel is As Strong as its Weakest Part“, CanSecWest 2016 “Don’t Trust Your…

WindowServer: The privilege chameleon on macOS (Part 2)

From my last blog post “WindowServer: The privilege chameleon on macOS (Part 1)”, we discussed some basic concepts, the history and architecture of WindowServer, as well as the details of CVE-2016-1804 – A Use-After-Free (Or we can also call it…

Car Hacking Research: Remote Attack Tesla Motors

With several months of in-depth research on Tesla Cars, we have discovered multiple security vulnerabilities and successfully implemented remote, aka none physical contact, control on Tesla Model S in both Parking and Driving Mode. It is worth to note that…

A Link to System Privilege

A Detailed Description of CVE-2016-0176 and Its Exploitation Essentials of a Successful Pwn of Microsoft Edge A successful Pwn of Microsoft Edge consists of two essential parts: Browser RCE(Remote Code Execution) and browser sandbox bypass. Browser RCE is typically achieved…

A bunch of Red Pills: VMware Escapes

Background VMware is one of the leaders in virtualization nowadays. They offer VMware ESXi for cloud, and VMware Workstation and Fusion for Desktops (Windows, Linux, macOS).The technology is very well known to the public: it allows users to run unmodified…

TenSec 2018

Tencent Security Conference (TenSec) is an international cybersecurity summit launched by Tencent Security, hosted by Tencent Keen Security Lab and Tencent Security Platform Department, and co-organized by Tencent Security Academy. TenSec 2018 will be held on October 10 and 11,…

Exploiting iOS 11.0-11.3.1 Multi-path-TCP:A walk through

Introduction The iOS 11 mptcp bug (CVE-2018-4241) discovered by Ian Beer is a serious kernel vulnerability which involves a buffer overflow in mptcp_usr_connectx that allows attackers to execute arbitrary code in a privileged context. Ian Beer attached an interesting piece…

TenSec 2019

Tencent Security Conference (TenSec) is an international cybersecurity summit launched by Tencent Security, hosted by Tencent Keen Security Lab and Tencent Security Platform Department, and co-organized by Tencent Security Academy. This article has been indexed from Keen Security Lab Blog…

Exploiting Wi-Fi Stack on Tesla Model S

In the past two years, Keen Security Lab did in-depth research on the security of Tesla Cars and presented our research results on Black Hat 2017 and Black Hat 2018. Our research involves many in-vehicle components. We demonstrated how to…

Tencent Keen Security Lab joins GENIVI Alliance

Tencent Keen Security Lab (Keen Lab) has joined the GENIVI Alliance, a non-profit alliance focused on delivering open source, in-vehicle infotainment (IVI) and connected vehicle software. This article has been indexed from Keen Security Lab Blog Read the original article:…