
Stephen Fewer

Offensive Security Research & Development

About

Stephen Fewer

Stephen is an independent security consultant based in Ireland. His primary area of focus is software vulnerability discovery and exploitation research and analysis, and he offers professional services in these fields. Stephen possesses a highly technical background and has been an active member of both the security and open source communities since 1999. In addition to forming Harmony Security, Stephen has previously been an anti-malware engineer for a leading global anti-virus company, a developer for an enterprise-level performance engineering company, a developer for the Metasploit Framework and a winner at the 2011 Pwn2Own hacking competition. In 2015 Stephen launched Relyze Software Limited, offering commercial software analysis solutions.


Research

Development

The following is a selection of publicly available software projects Stephen has developed.

  • Relyze is a commercial interactive software analysis solution which allows you to disassemble and analyse native Windows software.
  • Grinder is a system to automate the fuzzing of web browsers and the management of a large number of crashes.
  • Reflective DLL Injection is a Windows (x86, x64, ARM) library injection technique in which the concept of reflective programming is employed to perform the loading of a library from memory into a host process.
  • OllySocketTrace is a plugin for OllyDbg to trace the socket operations being performed by a process, recording all buffers being sent and received.
  • OllyHeapTrace is a plugin for OllyDbg to trace the heap operations being performed by a process. It will monitor heap allocations and frees for multiple heaps, as well as operations such as creating or destroying heaps and reallocations.
  • OllyCallTrace is a plugin for OllyDbg to trace the call chain of a thread allowing you to monitor it for irregularities to aid in the debugging of stack based buffer overflows as well as to quickly plot the execution flow of a program you are reversing.
  • NoNameOS is a tiny Operating System for the x86 architecture. It is an educational system with a monolithic kernel design and a clean efficient implementation. Features include a simple virtual memory manager, a file system and fully pre-emptive multitasking.

Vulnerabilities

The following publicly disclosed vulnerabilities were discovered through original research.

  • 10 Feb 2015: CVE-2015-0046, Microsoft Internet Explorer Type Confusion Info Disclosure Vulnerability
  • 10 June 2014: CVE-2014-1775, Microsoft Internet Explorer CPeerFactoryUrlMap Use After Free Vulnerability
  • 10 June 2014: CVE-2014-2772, Microsoft Internet Explorer textContent Heap Buffer Overflow Vulnerability
  • 12 Nov 2013: CVE-2013-3911, Microsoft Internet Explorer Memory Corruption Vulnerability
  • 11 June 2013: CVE-2013-3119, Microsoft Internet Explorer Memory Corruption Vulnerability
  • 14 May 2013: CVE-2013-1312, Microsoft Internet Explorer CDOMTextNode Use After Free Vulnerability
  • 12 Mar 2013: CVE-2013-0090, Microsoft Internet Explorer CCaret Use After Free Vulnerability
  • 12 Feb 2013: CVE-2013-0029, Microsoft Internet Explorer CHTML Use After Free Vulnerability
  • 12 Feb 2013: CVE-2013-0020, Microsoft Internet Explorer CMarkup Use After Free Vulnerability
  • 21 Sept 2012: CVE-2012-2548, Microsoft Internet Explorer Layout Remote Code Execution Vulnerability
  • 21 Sept 2012: CVE-2012-2548, Microsoft Internet Explorer 9 CTreeNode Remote Code Execution Vulnerability
  • 14 Feb 2012: CVE-2012-0011, Microsoft Internet Explorer HTML Layout Remote Code Execution Vulnerability
  • 14 Feb 2012: CVE-2012-0155, Microsoft Internet Explorer VML Remote Code Execution Vulnerability
  • 09 Aug 2011: CVE-2011-1964, Microsoft Internet Explorer 9 STYLE Object Parsing Remote Code Execution Vulnerability
  • 09 Aug 2011: CVE-2011-1347, Microsoft Internet Explorer Protected Mode Bypass Vulnerability
  • 18 July 2011: CVE-2011-1741, EMC Documentum eRoom Indexing Server Remote Code Execution Vulnerability
  • 14 June 2011: CVE-2011-1346, Microsoft Internet Explorer Uninitialized Variable Information Leak Vulnerability
  • 08 June 2011: CVE-2011-0817, Oracle Java IE Browser Plugin Corrupted Window Procedure Hook Vulnerability
  • 12 April 2011: CVE-2011-1345, Microsoft Internet Explorer Event Handler Type Confusion Use After Free Vulnerability
  • 04 April 2011: CVE-2011-0994, Novell File Reporter Agent XML Parser Stack Buffer Overflow Vulnerability
  • 31 Jan 2011: CVE-2011-0276, HP OpenView Performance Insight Server Backdoor Account Vulnerability
  • 14 Dec 2010: CVE-2010-3345, Microsoft Internet Explorer Select Element Use After Free Vulnerability
  • 13 Oct 2010: CVE-2010-3552, Oracle Java IE Browser Plugin Stack Buffer Overflow Vulnerability
  • 06 Oct 2010: Novell iManager File Upload Remote Code Execution Vulnerability
  • 29 Sept 2010: IBM Tivoli Storage Manager FastBack Stack Buffer Overflow Vulnerability
  • 21 July 2010: CVE-2010-2773, Novell Teaming Arbitrary File Upload Remote Code Execution Vulnerability
  • 21 June 2010: CVE-2010-0284, Novell Access Manager File Upload Remote Code Execution Vulnerability
  • 01 June 2010: Novell ZENworks Preboot Service Stack Buffer Overflow Vulnerability
  • 23 April 2010: Novell ZENworks UploadServlet Remote Code Execution Vulnerability
  • 05 April 2010: CVE-2010-0838, Sun Java CMM readMabCurveData Stack Buffer Overflow Vulnerability
  • 23 Feb 2010: CVE-2010-0620, EMC HomeBase Arbitrary File Upload Remote Code Execution Vulnerability
  • 08 Dec 2009: CVE-2009-3844, HP Application Recovery Manager Stack Buffer Overflow Vulnerability
  • 20 Nov 2009: CVE-2009-3843, HP Operations Manager Backdoor Account Code Execution Vulnerability
  • 28 Oct 2009: EMC & OpenText Hummingbird STR Service Stack Overflow Vulnerability
  • 23 Sept 2009: CVE-2009-3068, Adobe RoboHelp Server Arbitrary File Upload and Execute Vulnerability
  • 22 July 2009: Akamai Download Manager Stack Buffer Overflow Vulnerability
  • 21 July 2009: Novell Privileged User Manager Remote DLL Injection Vulnerability
  • 28 April 2009: TIBCO SmartSockets Stack Buffer Overflow Vulnerability
  • 14 Oct 2008: Microsoft Host Integration Server Command Execution Vulnerability
  • 14 Sept 2008: CVE-2008-3684, EMC ApplicationXtender Server Admin Agent Heap Overflow Vulnerability
  • 14 Sept 2008: CVE-2008-3685, EMC ApplicationXtender Server Admin Agent File Upload Vulnerability
  • 04 Jun 2008: VMware Tools HGFS Local Privilege Escalation Vulnerability
  • 27 May 2008: EMC AlphaStor Server Agent Multiple Buffer Overflow Vulnerabilities
  • 27 May 2008: EMC AlphaStor Library Manager Command Execution Vulnerability
  • 10 Apr 2008: EMC DiskXtender Authentication Bypass Vulnerability
  • 10 Apr 2008: EMC DiskXtender File System Manager Buffer Overflow Vulnerability
  • 10 Apr 2008: EMC DiskXtender MediaStor Format String Vulnerability
  • 19 Feb 2008: EMC RepliStor Multiple Heap Overflow Vulnerabilities
  • 09 Jan 2008: Novell NetWare Client Local Privilege Escalation Vulnerability
  • 07 Jan 2008: Motorola netOctopus Agent Privilege Escalation Vulnerability
  • 24 Dec 2007: Novell ZENworks ESM Client Local Privilege Escalation Vulnerability
  • 12 Nov 2007: Novell NetWare Client Privilege Escalation Vulnerability
  • 06 Nov 2007: Microsoft DebugView Privilege Escalation Vulnerability
  • 10 Oct 2007: Kaspersky Web Scanner ActiveX Format String Vulnerability
  • 10 Aug 2007: CVE-2007-4335, Qbik WinGate Remote Denial of Service Vulnerability

Services

Vulnerability Discovery

For vendors, the cost of shipping vulnerabilities far outweighs the cost of identifying and patching them before shipping a product, while for customers, deployment of secure third-party software and components is key to operating in a secure environment.

This service offers to discover critical software vulnerabilities in your products through processes such as source code auditing, advanced reverse engineering and customized fuzzing. Stephen has already discovered critical vulnerabilities in software products from vendors such as Microsoft, Oracle, Sun, Adobe, EMC, HP, Novell, IBM, Motorola, Akamai and Kaspersky.

Research & Development

This service offers offensive security based research and development. Please contact Stephen to discuss your requirements.


Due to the nature of these services, clients will be vetted and accepted on a case-by-case basis. Please contact Stephen for further information.

Contact

Twitter
Email
 
PGP
Key ID: 0xA4EB1AC0