Publications

List of latest publications in excerpt view:

E-Learning Platforms Getting Schooled – Multiple Vulnerabilities in WordPress’ Most Popular Learning Management System Plugins

Overview: The COVID-19 pandemic has changed the way we live and work. “Sheltering in place” requires many people to work from home, thereby necessitating the use of virtual environments. The pandemic has also affected students globally, who are now at home learning via virtual classrooms online. This, in turn, has required many educational establishments to quickly integrate new Learning Man…

CPR-Zero: The Check Point Research Vulnerability Repository

During the past 3 years, Check Point Research has invested significant resources into vulnerability research. For every vulnerability we discover, we first notify the vendor and immediately develop new protections which are integrated into the Check Point line of products. During the course of our vulnerability research, we come across a vast number of bugs, some more interesting than others. M…

Hacked in Translation – from Subtitles to Remote Code Execution

Recently, we revealed a new attack vector which threatens millions of users worldwide – attack by subtitles. By crafting malicious subtitle files, which are then downloaded by a victim’s media player, attackers can take complete control over any type of device via vulnerabilities found in many popular streaming platforms, including VLC, Kodi (XBMC), Popcorn-Time and strem.io. We estimate t…

Too Much Freedom is Dangerous: Understanding IE 11 CVE-2015-2419 Exploitation

It’s been a while since a pure JavaScript vulnerability was widely used by exploit kits. The last few years mostly gave us IE Use-After-Free vulnerabilities. When those were dealt with by Microsoft’s IsolatedHeap and MemoryProtection mechanisms, introduced in the middle of 2014, the stage was clear for Flash to take over. Now, as Flash is marching towards its imminent death, Silverlight has…

CapTipper v0.3 is out!

The new version of CapTipper is here and it includes new and exciting features. The most important addition being CapTipper’s new logo 🙂 Thanks to Ira Suris Gurevich for this beautiful work. I will be presenting the new CapTipper at BlackHat Arsenal USA this week so stop by and say Hi if you’re around. Another project we are presenting at BlackHat Arsenal …

Microsoft Word Intruder RTF Sample Analysis

Check Point researchers obtained a sample of a malicious Word document that was used in an attack attempt against one of our customers. The sample itself is a Rich Text Format (RTF) file with a .DOC extension. Recently, there has been a resurgence of the trend to use malicious macro code inside office documents. However, this wasn’t the case here. We were dealing with a sample created by the …

CapTipper 0.2 released!

CapTipper v0.2 is out, and it includes many new features. I’m presenting the new version today at BlackHat Arsenal, you are welcome to come watch if you’re around. A basic principle for CapTipper’s development is to gather as many useful tools and functions for a researcher under its umbrella. This release introduces quite a few of those, which I hope will help us all save time switching d…

CapTipper – Malicious HTTP traffic explorer tool

CapTipper is a Python tool to analyze, explore and revive HTTP malicious traffic. CapTipper sets up a web server that acts exactly as the server in the PCAP file, and contains internal tools, with a powerful interactive console, for analysis and …