Red Timmy Sec has discovered that Pulse Secure Client for Windows suffers from a local privilege escalation vulnerability in the PulseSecureService.exe service.
5f5a0396cb9bd8b8918531a470f34efbfce05c416ca68a1d578867b7468c1362
Imagine finding yourself in a "hostile" environment, one where you cannot run exploits, tools, and applications without worrying about prying eyes spying on you, be they a legitimate system administrator, a colleague sharing access with you, or a software solution that scans the machine you are logged in to for malicious files. Your binary should live in encrypted form in the filesystem so that no static analysis would be possible even if it were identified and copied somewhere else. It should only be decrypted on the fly in memory when executed, thus preventing dynamic analysis too, unless the decryption key is known. To experiment with such an idea, Red Timmy Sec have created the "golden frieza" project.
41f188a8a31adc549c15b975f94febb25727777ba9bf32f0242c38f4b2c03bc0
Pulse Secure versions 8.1R15.1, 8.2, 8.3, and 9.0 SSL VPN remote code execution exploit.
428ddb0b67961d1a87be1c6c6acc41e678e23d1cbb23562598e8a6d6caf8b149
This Metasploit module exploits Pulse Secure SSL VPN versions 8.1R15.1, 8.2, 8.3, and 9.0 which suffer from an arbitrary file disclosure vulnerability.
c4c06bbd40df833eb2f186640de391e2da4dc98aaffb460369cdb39d17627ab0