Toggle menu
Research 14 February 2018
Remote Code Execution (CVE-2018-5767) Walkthrough on Tenda AC15 Router

Introduction In this post we will be presenting a pre-authenticated remote code execution vulnerability present in Tenda’s AC15 router. We start by analysing the vulnerability, before moving on to our regular pattern of exploit development – identifying problems and then fixing those in turn to develop a working exploit. N.B – Numerous attempts were made […]

Breaches 14 January 2018
OnePlus Checkout Hacked? The Dangers of On-Site Payment Processing

Introduction Recently members of the Fidus penetration testing team noticed an interesting blog post on the OnePlus forum by an individual discussing recent fraudulent attempts made on two of their credit cards. The forum user states that the only place both cards were used was on the OnePlus website in November 2017, they go on […]

Research 10 January 2018
Rumble In The Jungo – A Code Execution Walkthrough – CVE-2018-5189

Code Execution (CVE-2018-5189) Walkthrough on Jungo Windriver 12.5.1 Introduction Windows kernel exploitation can be a daunting area to get into. There are tons of helpful tutorials out there and originally this post was going to add to that list. This is the story of how I found CVE-2018-5189 and a complete walkthrough of the exploit development […]

Research 17 October 2017
Remote Code Execution (CVE-2017-13772) Walkthrough on a TP-Link Router

Introduction In this post, I will be discussing my recent findings while conducting vulnerability research on a home router: TP-Link’s WR940N home WiFi router. This post will outline the steps taken to identify vulnerable code paths, and how we can exploit those paths to gain remote code execution. I will start by describing how I […]

Phishing 22 June 2017
How to prevent phishing attacks

There’s no doubt that phishing is becoming more and more of a problem due to it’s successful and personalised nature. In fact, most of us have probably clicked on an e-mail that seemed legitimate at one point or another. In the recently published Cyber Security Breaches Survey 2017 , it was reported that fraudulent and […]

Phishing 25 April 2017
The Truth About Phishing

Fidus Information Security has created a video in which we set out to rectify one of the biggest misconceptions in the Cyber Security field surrounding phishing. It is widely reported that many breaches occur due to sophisticated cyber attacks and largely by organised criminal gangs, but just how accurate is this? Who is Being Phished? […]