Kaseya VSA is monitoring and management software used by large corporations. As a result, compromising this product leads to complete control over a system. Security flaws in this product were exploited in a massive ransomware campaign in the previous weeks.
The first vulnerability was an authentication bypass in the application. When logging in users, the login result defaults to true. So, when a username is provided without a password, the application sends back true. The username is a long GUID, though; nobody is sure how the threat actors got hold of it.
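The fail-open default described above, shown beside a deny-by-default version. This is an added sketch in Python, not Kaseya's code; the function names, the account store and the placeholder username are assumptions made for illustration.

```python
import hashlib
import hmac
import os


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed sample account store: username -> (salt, password hash).
_SALT = os.urandom(16)
USERS = {"agent-guid-placeholder": (_SALT, _hash("correct horse", _SALT))}


def login_fail_open(username, password=None):
    """Flawed pattern: the result starts as True and is only overwritten
    when a password is actually supplied."""
    authenticated = True
    record = USERS.get(username)
    if record is None:
        return False
    if password:  # a missing or empty password skips the only check
        salt, stored = record
        authenticated = hmac.compare_digest(_hash(password, salt), stored)
    return authenticated


def login_fail_closed(username, password=None):
    """Hardened pattern: deny by default, so the only path to True runs
    through a successful credential comparison."""
    authenticated = False
    record = USERS.get(username)
    if record is None or not password:
        return authenticated
    salt, stored = record
    if hmac.compare_digest(_hash(password, salt), stored):
        authenticated = True
    return authenticated
```

A regression test for this class of bug should call the login path with the credential omitted and with it empty, not only with a wrong value.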
CSRF protections were not checked properly. Simply supplying a string of the proper length and format was enough for it to be accepted as legitimate. This was crucial when the attackers were uploading files to the server to execute later. Although there was a type check, the contents of the file were not validated.
The final bug is an arbitrary file execution bug. When parsing the contents of a file, the application passes them directly to eval in ASP.NET for some reason. The idea was to interpret the value of the arguments from the file as literal code.