8-bit video game blocks with pixel art of the Learn One and Learn Enterprise logos

Level up your training with limited-time offers - Discounts for Individuals and Enterprise

Blog
Exploit Development

Jul 29, 2014

Symantec Endpoint Protection 0day

In a recent engagement, we had the opportunity to audit a leading Antivirus Endpoint Protection solution, where we found a multitude of vulnerabilities. Some of these made it to CERT, while others have been scheduled for review during our upcoming AWE course at Black Hat 2014, Las Vegas. Ironically, the same software that was meant to protect the organization under review was the reason for its compromise.

OffSec Team

1 min read

Author: Matteo Memelli

Symantec Endpoint Protection Vulnerability

In a recent engagement, we had the opportunity to audit the Symantec Antivirus Endpoint Protection solution, where we found a multitude of vulnerabilities. Some of these made it to CERT, while others have been scheduled for review during our upcoming AWE course at Black Hat 2014, Las Vegas. Ironically, the same software that was meant to protect the organization under review was the reason for its compromise.

We’ll be publishing the code for this privilege escalation exploit in the next few days. In the meantime, you can check out our demo video of the exploitation process – best viewed in full screen.

More shameless Kali Dojo plugs

If you’re attending the Black Hat, Brucon or Derbycon 2014 conferences, don’t forget to come by our free Kali Dojo Workshops for some serious Kali Linux fu. See you there!

Latest from OffSec

Enterprise Security

Red Team vs Blue Team in Cybersecurity

Learn what a red team and blue team in cybersecurity are, pros and cons of both, as well as how they work together.

Dec 13, 2024

13 min read

Enterprise Security

Building a Future-Ready Cybersecurity Workforce: The OffSec Approach to Talent Development

Learn all about our recent webinar “Building a Future-Ready Cyber Workforce: The OffSec Approach to Talent Development”.

Dec 13, 2024

4 min read

Enterprise Security

How to Become the Company Top Cyber Talent Wants to Join

Become the company cybersecurity talent wants to join. Learn how to attract, assess, and retain experts with strategies that set you apart.

Dec 4, 2024

5 min read
View all blogs