Results for Tony Loi

Threat Research

FortiGuard Labs Discovers Vulnerability in D-Link Router DIR868L

In August of 2017, FortiGuard Labs discovered a pre-authenticated remote code execution vulnerability on D-Link router DIR868L. This vulnerability is specific to a local ISP’s customized firmware.

By Tony LoiMarch 30, 2018

Threat Research

Analysis of PHP's CVE-2016-6289 and CVE-2016-6297

PHP is a programming language that was created in 1995 by Rasmus Lerdorf. And according to W3Techs, it’s dynamically generating content on more than 82% of all websites worldwide. That means hundreds of millions of web servers are vulnerable to the flaws we are describing below. Last month, FortiGuard discovered two security issues in PHP’s core (CVE-2016-6189) and in PHP’s zip (CVE-2016-6197). These issues affect both the current PHP version 5 and its upcoming version 7. These bugs are located in different part of the code,...

By Tony LoiAugust 10, 2016

Industry Trends

CODEGATE CTF 2016

Codegate CTF is an annual global white hat hacking competition held annually in Seoul, South Korea since 2008. This year, I participated Codegate CTF Final competition as a member of CLGT-Meepwn, a CTF team consisting of vnsecurity.net's members and students from local university in Vietnam. My teammates and I qualified as “Senior Competition” finalists (there is another “Junior Competition” category for students) after competing against hundreds of teams from more than 70 countries around the world during a 48-hour...

By Tony LoiMay 10, 2016

Industry Trends

BlackHat Asia 2016 wraps up

BlackHat Asia 2016 was once again held in the majestic Marina Bay Sands hotel in Singapore.. This is one of the biggest security conferences in Asia. We attended many of the talks and presentations and wanted to highlight some of the most interesting topics here for those of you who were unable to attend: - A NEW CVE-2015-0057 EXPLOIT TECHNOLOGY. Security researcher Wang Yu introduced an approach on exploiting the patched Windows kernel vulnerability CVE-2015-0057. This exploit was inspired by a number of other research papers that have...

By Tony LoiApril 12, 2016