Li Haifei
28 followers
Re-enjoying the ActiveX (and others) Fun in Chinese Customized Browsers
TLDR: Running Chinese customized browsers could be like running IE6 on Windows XP; lots of proven-effective exploit mitigations could be disabled by simple tricks, e.g. hosting a webpage via an IP address. Background When I was just jumping into vulnerability res...

"Bypassing" Microsoft's Patch for CVE-2017-0199
Background If you have followed my research on the infamous CVE-2017-0199 zero-day attack, you may know we (w/ my colleague Bing) did a presentation titled “Moniker Magic: Running Scripts Directly in Microsoft Office” at the SYSCAN360 security conference ...

An Interesting Outlook Bug
Last week I reported an interesting bug in Outlook to Microsoft - it's an HTML email, and when you send this email to someone, as soon as he/she reads the email, Outlook will crash (a similar danger level to my #BadWinmail bug if this one is exploitable). ...

Who is "gigiduru"?
Last week during research on Office, I happened to notice a weird string in the Outlook binary (Outlook.exe). Let's quickly go to the related code. .text:00C88067 lea eax, [ebp-16Ch] .text:00C8806D push eax ...

SuperFish 2.1: Dell System Detect’s "trusted site" makes users more vulnerable to exploit-based attacks
The recent SuperFish 2.0 incident has told us OEM machines are really bad at security. Today I finally got time to look into the issue and around it. I happened to find that there is actually another problem; this time it is not about pre-installed root certi...

Watch your Downloads: the risk of the "auto-download" feature on Microsoft Edge and Google Chrome
Probably it's commonly known that when you try to download something on your modern browser, e.g. Google Chrome or Microsoft Edge, the file will be downloaded automatically to your local system with just a simple click - no need for additional confirmatio...

Quick post: ASLR in China
The recent XCodeGHost incident tells how insecure Chinese software is. Personally I've long been aware of the huge problem in Chinese software, but I was still surprised that even the core developers from software giants enjoy such a terrible ho...
justhaifei1.blogspot.com