About
Experience & Education
Volunteer Experience
-
Information Security
Hackers For Charity
Publications
-
Boundhook - Exception based, kernel controlled hooking.
CyberArk
article: https://www.cyberark.com/threat-research-blog/boundhook-exception-based-kernel-controlled-usermode-hooking/
-
IllusionGap - AntiVirus Bypass
CyberArk
blog: https://www.cyberark.com/threat-research-blog/illusion-gap-antivirus-bypass-part-1/
-
GhostHook – Bypassing PatchGuard with Processor Trace Based Hooking
CyberArk
https://www.cyberark.com/threat-research-blog/ghosthook-bypassing-patchguard-processor-trace-based-hooking/
-
"EZHACK"— POPULAR SMART TV DONGLE REMOTE CODE EXECUTION
Check Point
report - http://blog.checkpoint.com/wp-content/uploads/2015/12/EZCast_Report_Check_Point.pdf
-
iOS Core Application Design Flaw May Expose Apple ID Credentials
Check Point
link: http://blog.checkpoint.com/2015/10/01/ios-core-application-design-flaw-may-expose-apple-id-credentials/
-
WhatsApp ("MaliciousCard") Vulnerabilities
Check Point
The publication received a lot of media attention, for example:
http://www.scmagazineuk.com/users-urged-to-update-whatsapp-web-to-shut-down-vcard-vulnerability/article/437215/
http://thehackernews.com/2015/09/whatsapp-vcard-vulnerability.html
http://www.net-security.org/secworld.php?id=18828
http://www.techweekeurope.co.uk/mobility/mobile-apps/whatsapp-web-security-flaw-176446
http://www.telegraph.co.uk/technology/internet-security/11850817/WhatsApp-security-breach-lets-hackers-target-web-app-users.html
http://www.independent.co.uk/life-style/gadgets-and-tech/news/whatsapp-for-web-vulnerability-could-give-hackers-control-over-computers-10491760.html
https://uk.news.yahoo.com/whatsapp-app-flaw-allows-hackers-155624561.html#EAL6FDk
http://www.theinquirer.net/inquirer/news/2425079/web-based-whatsapp-chat-app-trap-is-todays-security-vulnerability
http://www.pcworld.com/article/2981960/whatsapp-fixes-dangerous-flaw-in-web-app.html
http://securityaffairs.co/wordpress/39982/hacking/vcard-flaw-whatsapp-web.html
http://lavasoft.com/mylavasoft/company/blog/whatsapp-hits-900-million-users-experiences-security-breach
http://www.tripwire.com/state-of-security/latest-security-news/whatsapp-issues-update-for-maliciouscard-vulnerabilities-in-web-based-extension/
http://www.securityweek.com/vcard-vulnerability-exposes-whatsapp-users
https://hacked.com/whatsapp-web-vulnerability-puts-200-million-users-risk/
http://www.theregister.co.uk/2015/09/08/whatsapp_security_flap/
http://www.eweek.com/mobile/whatsapp-patches-flaw-that-put-hundreds-of-millions-at-risk.html
http://news.softpedia.com/news/extremely-dangerous-vulnerability-fixed-in-whatsapp-for-web-491237.shtml
http://techxplore.com/news/2015-09-whatsapp-patch-response.html
http://www.infosecurity-magazine.com/news/whatsapp-flaws-could-affect/
http://www.huffingtonpost.co.uk/2015/09/08/whatsapp-web-security-flaw-puts-200-million-at-risk_n_8106506.html
And more...
-
CyberArk - Multiple Buffer Overflows Proof-Of-Concept (before I worked there)
* the vulnerability is already patched by CyberArk
* further technical details will be disclosed in the future
https://www.youtube.com/watch?v=3AHq1SKcBeM
-
Android MiTM (app - no root) PoC
Kasif Dekel
Presenting a quick & easy way for an application to perform a man-in-the-middle attack on a given phone without root privileges.
This piece of code shows how a malicious application can perform a MITM attack on your phone without root privileges.
The idea is to change the main DNS server of the device.
And the question is: why should normal applications be able to perform these operations?
https://github.com/kasif-dekel/android-mitm-app-no-root
-
Bunny Challenge
-
A cool reversing challenge solution.
link: https://github.com/kasif-dekel/bunny-b00tloader/blob/master/README.md
-
How I Hijacked Your Cellcom-TV Account
-
Major cellular provider launches new television service with NIS 99 (~26 USD) monthly package including unlimited VOD, wide variety of TV shows, movies and children's content.
In this publication I describe how a malicious attacker can change any account's information without any validations.
https://github.com/kasif-dekel/cellcomTV/blob/master/README.md
-
Rafael Reverse Engineering Challenge Level 3
-
Rafael Advanced Defense Systems Ltd is an Israeli defense technology company. It was founded as Israel’s National R&D Defense Laboratory for the development of weapons and military technology within the Ministry of Defense. Rafael develops and produces weapons, military, and defense technologies for the Israel Defense Forces and for export abroad.
Rafael is looking to hire reverse engineers and created this series of binary challenges; the winner will be rewarded with a flight ticket (hotel and free entrance) to the BlackHat Conference.
more at: https://github.com/kasif-dekel/rafael-re-level-3
Courses
-
Advanced ARM Exploitation Training
-
-
Advanced C Programming
-
-
Linux Kernel Advanced
-
-
Modern Windows Debugging Internals by Alex Ionescu
-
-
Windows Kernel Internals for Security Researchers
-
Projects
-
BurpHolder - BurpSuite Extension
BurpHolder - Variables For BurpSuite
-------------------------------------------------------
BurpHolder allows you to define variables inside BurpSuite.
The plugin will make your penetration testing work much easier when investigating complex applications.
link: https://github.com/kasif-dekel/BurpHolder/blob/master/README.md
-
MySQLiExec - mssql's cmdexec-like for mysql, useful when exploiting SQL injection on a MySQL server.
Write the compiled library to the plugins directory of MySQL & load it to be able to run shell commands just like mssql's cmdexec.
link: https://github.com/kasif-dekel/MySQLiExec
read more: http://www.bugsec.com/news/making-your-sql-injection-an-easy-os-takeover/
-
WhatsJS - JavaScript Based WhatsApp API (Bot) Running on WhatsApp-Web
link: https://github.com/kasif-dekel/WhatsJS
-
evilsudo
evilsudo is a privilege escalation technique based on aliasing the sudo command.
link: https://github.com/kasif-dekel/evilsudo
-
VT Grep Plugin For GHIDRA
-
This is an unofficial VirusTotal plugin for GHIDRA. This plugin integrates functionality from VirusTotal web services into GHIDRA's user interface. The current version is v0.1. This plugin is not production-ready yet; unexpected behavior can still occur, and it is released without any warranty. This release integrates VTGrep into GHIDRA, facilitating searching for similar code, strings, or sequences of bytes.
Honors & Awards
-
StrongDM Account Takeover
StrongDM
https://www.strongdm.com/security/advisories/sdmsa-2023001-strongdm-security-advisory
-
Microsoft Most Valuable Researchers
Microsoft
Made it to the 2022 Leaderboard (https://msrc.microsoft.com/leaderboard) and 5th place in 2021 Q3.
-
CVE-2021-3437 | HP OMEN Gaming Hub Privilege Escalation Bug Hits Millions of Gaming Devices
SentinelOne
Advisory: https://www.sentinelone.com/labs/cve-2021-3437-hp-omen-gaming-hub-privilege-escalation-bug-hits-millions-of-gaming-devices/
-
[CVE-2021-3438] HP / Samsung / Xerox - Hundreds of printer models vulnerable to buffer overflow
-
https://support.hp.com/us-en/document/ish_3900395-3833905-16
CVSS score 8.8
-
CVE-2021-24092 Windows Defender Privilege Escalation
Microsoft
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24092
-
Won 1st place in CyberArk product & innovation Hackathon
CyberArk
My team won first place in the Hackathon.
-
Facebook White Hats
Facebook
I found 2 security bugs in Facebook products:
https://www.facebook.com/whitehat/thanks/
-
Trend Micro Security Kernel Driver Local Privilege Escalation Vulnerability | CVE-2016-6869
Trend Micro
https://www.securityfocus.com/bid/93448
-
Android Vulnerabilities
-
I found security vulnerabilities in the Android OS:
1. SQL Injection in the internal SDK of Android (SQLiteDB classes): https://github.com/kasif-dekel/Android-SDK-SQLInjection
2. Will be revealed in the future.
-
5th Place in Top MSRC 2021 Security Researchers!
Microsoft
Link https://msrc-blog.microsoft.com/2021/10/14/congratulations-to-the-top-msrc-2021-q3-security-researchers/
-
CVE-2016-1712 & CVE-2015-8112 - coming soon
Check Point
-
Microsoft's AppLocker Bypass
-
https://github.com/kasif-dekel/Microsoft-Applocker-Bypass
-
PaloAlto - Local privilege escalation (PAN-SA-2016-0012) (CVE-2016-1712)
Palo Alto Networks
Summary
-----------------------------------
Palo Alto Networks firewalls do not properly sanitize the root_reboot local invocation which can potentially allow executing code with higher privileges (Ref. 92293) (CVE-2016-1712).
Severity: Medium
-----------------------------------
Exploitation of this privilege escalation is restricted to local users. Potential attackers would have to first obtain a shell on the device before they could attempt to escalate privileges through this vulnerability.
Products Affected
-----------------------------------
PAN-OS 5.0.18 and earlier, PAN-OS 5.1.11 and earlier, PAN-OS 6.0.13 and earlier, PAN-OS 6.1.11 and earlier, PAN-OS 7.0.7 and earlier
Available Updates
-----------------------------------
PAN-OS 5.0.19 and later, PAN-OS 5.1.12 and later, PAN-OS 6.0.14 and later, PAN-OS 6.1.12 and later, PAN-OS 7.0.8 and later
Workarounds and Mitigations
-----------------------------------
N/A
Acknowledgements
-----------------------------------
Kasif Dekel, CheckPoint Security Team
http://securityadvisories.paloaltonetworks.com/Home/Detail/45
Tavis Ormandy's investigation:
http://securityadvisories.paloaltonetworks.com/Home/Detail/67
https://bugs.chromium.org/p/project-zero/issues/detail?id=913
Languages
-
Hebrew
-
-
English
-