Introduction Ivanti Endpoint Manager (EPM) is an enterprise endpoint management solution that allows for centralized management of devices within an organization. On September 12th, 2024, ZDI and Ivanti released an advisory describing a deserialization vulnerability resulting in remote code execution with a CVSS score of 9.8. In this post we detail the internal workings of this vulnerability. Our POC can be found here. We would like to credit @SinSinology with the discovery of this vulnerability. AgentPortal The ZDI advisory told us exactly where to look for the vulnerability. A service named AgentPortal. A quick search shows us that we can find the file at C:\Program Files\LanDesk\ManagementSuite\AgentPortal.exe. Upon further investigation, we find that it is a .NET binary. After loading AgentPortal.exe into JetBrains dotPeek for decompilation, we find that its not a very complicated program. It’s main responsibility is creating a .NET Remoting service for the IAgentPortal interface. IAgentPortal Interface The IAgentPortal interface is pretty simple, it consists of functions to create Requests and other functions to get the results and check the status of those requests. Digging into what kind of requests we can make, we find the ActionEnum enum. We are immediately drawn to the RunProgram option. The handler […]
The post CVE-2024-29847 Deep Dive: Ivanti Endpoint Manager AgentPortal Deserialization of Untrusted Data Remote Code Execution Vulnerability appeared first on Horizon3.ai.
The post CVE-2024-29847 Deep Dive: Ivanti Endpoint Manager AgentPortal Deserialization of Untrusted Data Remote Code Execution Vulnerability appeared first on Security Boulevard.
Artificial intelligence (AI) is no longer just a buzzword in the cybersecurity industry—it’s an essential tool for staying ahead of threats. But how are leading organizations leveraging AI in cybersecurity effectively, and what challenges do they face? During a recent Nuspire webinar, experts J.R. Cunningham, Michael Wilson and Marcy Elder uncover how AI is transforming cybersecurity operations and what the ... Read More
The post AI in Cybersecurity: Experts Discuss Opportunities, Misconceptions and the Path Forward appeared first on Nuspire.
The post AI in Cybersecurity: Experts Discuss Opportunities, Misconceptions and the Path Forward appeared first on Security Boulevard.
Written by: Nick Harbour
When it's pumpkin spice season, that means it's also Flare-On Challenge season. The Flare-On Challenge is a reverse engineering contest held every year by the FLARE team, and this marks its eleventh year running. It draws thousands of players from around the world every year, and is the foremost single-player CTF-style challenge for current and aspiring reverse engineers. It provides individual players with a gauntlet of increasingly challenging puzzles to test their ability, and earn a position in our hall of fame. Veteran competitors who have been following the live countdown over at flare-on.com may have already marked their calendar for the contest launch at 8:00pm ET on Sept. 27th, 2024. It will run for six weeks, ending at 8:00pm ET on Nov. 8th, 2024.
The Flare-On contest always features a diverse array of architectures, but with a strong representation of Windows binaries. This year’s contest may be the most diverse ever, with 10 challenges covering architectures including Windows, Linux, JavaScript, .NET, YARA, UEFI, Verilog, and Web3. Yes, you read that correctly, there is a YARA challenge this year. The challenges are often designed to represent Reverse Engineering challenges the FLARE team has encountered on the frontlines of cybersecurity.
If you successfully crush all 10 challenges you will be eligible to receive a prize, which will be revealed later. This crucial bit of gear will distinguish you from your colleagues who have not mastered the arcane art of Reverse Engineering, and will thus be an object of their envy. Your name or handle, should you choose to be included, will be permanently etched into the Hall of Fame on the Flare-On website.
Please check the Flare-On website for the live countdown and, upon launch, the link to the game server. Early account registration will open approximately two days before launch. While you’re there, check out last year’s challenges and official solutions to prepare yourself. For official news and information, we will be using the Twitter/X hashtag #flareon11.