Home | VerSprite Resources

Fabius Watson

We are passionate about helping our clients chart a course that brings security and business together.

Any time you swipe a card to make a purchase or utilize a self-checkout kiosk, a POS (point of sale) system is responsible for handling the intricacies of your transaction in the background.

Blog Post

Point-of-Sale Security

OH The POSsibilities: Point of Sale System Security

Any time you swipe a card to make a purchase or utilize a self-checkout kiosk, a Point-Of-Sale system is responsible for handling the intricacies of your transaction in the background.

Learn more

Digging up the Past: OS X File Versioning

Blog Post

Digging up the Past: OS X File Versioning

In this case study of OS X digital forensics, we were tasked to recover the version history of documents created using Apple’s TextEdit application. It began with a request for us to recover the version history of documents created using Apple’s TextEdit application.

Learn more

The Verix Multi-app Conductor application for Verix suffers from a buffer overflow vulnerability that allows attackers to execute arbitrary code via a long configuration key value. An attacker must be able to download files to the device in order to exploit this vulnerability.

Advisory

Security Vulnerabilities

VMAC for Verix

The Verix Multi-app Conductor application for Verix suffers from a buffer overflow vulnerability that allows attackers to execute arbitrary code via a long configuration key value. An attacker must be able to download files to the device in order to exploit this vulnerability.

Learn more

Exploitation-Remote-WCF-Vulnerabilities

Blog Post

Exploitation of Vulnerabilities

Exploitation of Remote WCF Vulnerabilities

In this blog, we’ll be discussing the discovery, analysis, and exploitation of CVE-2019-8917 which is a remotely exploitable WCF vulnerability that we discovered in SolarWinds Orion NPM 12.3.

Learn more

How Hackers Control and Steal Vehicles Remotely

Blog Post

Reverse Engineering

Hacking an Aftermarket Remote Start System

In part two of this series, we’ll dive deeper into the technical specifications of the CarLinkBT module. We’ll also discuss the dynamic analysis and testing performed to confirm our findings. Finally, we’ll walk through the process of developing an exploit for this vulnerability.

Learn more

SolarWinds Orion NPM

Advisory

Exploitation of Vulnerabilities

SolarWinds Orion NPM

SolarWinds Orion NPM suffers from a SYSTEM remote code execution vulnerability in the “OrionModuleEngine” service.

Learn more

Abusing Insecure Windows Communication Foundation (WCF) Endpoints

Presentation

Microsoft Windows Vulnerabilities

Abusing Insecure Windows Communication Foundation (WCF) Endpoints

A trend that the VerSprite Research team noticed in .NET services is the exposure of dangerous methods through insecure WCF endpoints. Download this presentation for a high-level overview of the WCF terminals and receive a practical analysis.

Learn more

Hacking an Aftermarket Remote Start System

Blog Post

How Hackers Control & Steal Vehicles Remotely

The trend of automotive security research began in the 2010s and has resulted in the discovery of several critical security issues within modern vehicles. Hackers have repeatedly demonstrated their ability to remotely track, steal, and control a variety of unaltered vehicles.

Learn more

POSIM EVO for Windows advisory CVE-2018-15807

Advisory

POSIM EVO for Windows

POSIM EVO for Windows includes an “Emergency Override” administrative account that may be accessed through POSIM’s “override” feature. This Override prompt expects a code that is computed locally using a deterministic algorithm. This code may be generated by an attacker and used to bypass any POSIM EVO login prompt.

Learn more

We are an international squad of professionals working as one.

Email

sales@versprite.com

logos