Haunted by SMB
June 11 · 32 minutes
We kick things off this episode talking to David Wells about his work with the Zero Day Research Team. He tells us about recent bugs he’s found in Signal and an interesting bypass method for User Account Control in Windows. Then we hear from Satnam Narang about the latest vulnerabilities and patches (spoiler: there are a lot of ghosts and SMB).
Show References
- https://www.tenable.com/blog/microsoft-s-june-2020-patch-tuesday-addresses-129-cves-including-newly-disclosed-smbv3
- https://www.tenable.com/blog/smbleed-cve-2020-1206-and-smblost-cve-2020-1301-vulnerabilities-affect-microsoft-smbv3-and
- https://www.tenable.com/blog/cve-2020-12695-callstranger-vulnerability-in-universal-plug-and-play-upnp-puts-billions-of
- https://medium.com/tenable-techblog/multiple-vulnerabilities-in-tcexam-f6ae38c6fb8a
- https://medium.com/tenable-techblog/turning-signal-app-into-a-coarse-tracking-device-643eb4298447
- https://medium.com/tenable-techblog/bypass-windows-10-user-group-policy-and-more-with-this-one-weird-trick-552d4bc5cc1b
- https://medium.com/tenable-techblog/uac-bypass-by-mocking-trusted-directories-24a96675f6e
Tenable Research on Medium - https://medium.com/tenable-techblog