© 2014 ReVuln™

News

18 Sep 2014

Released paper Exploiting Steam Lobbies and Matchmaking.

13 Sep 2014

New website layout to celebrate the second anniversary of the company.

About Top Services

Vulnerabilities

Nowadays a security vulnerability is what makes the difference on both the defensive and offensive side.

Being aware of the issues that affect the software used in our private and public organizations is essential for blocking incoming attacks, and it's decisive as strategic advantage against the internal and external threats of a company or a country.

We provide information regarding 0-day security vulnerabilities affecting a wide range of products: both vastly used software like web browsers and specific products like industrial SCADA/HMI and others.

We provide also on-demand security research for targets not currently covered in our research and custom software, even with on-site research if necessary.

Additionally our research is available on both exclusive and non-exclusive plans, depending by your needs and resources.

These services are available only for selected companies and governments.

Contact us for additional information (PGP required).

Testing

A security assessment allows your software and hardware products to decrease or even neutralize their security issues, and consequently limiting the risks for your customers.

We provide various solutions to test your products, like the following:

  • White box

    Code auditing and review of the source code you provide and testing of the final product.

  • Black box

    Testing of the same product as is distributed with or without additional knowledge about its internals.

  • On-site testing

    Testing of products that are available only inside your company and laboratory.

  • Custom

    Any detail and rule of the testing is decided with you.

The duration of the assessment is decided according to your preferences, your needs and the project. We can opt for a one week testing, one month, a long-term partnership or anything else which is better for the specific situation.

We have proved experience and we are leaders in the security research performed on the following products:

  • Multiplayer Games

    Our researchers have found the largest amount of server-side vulnerabilities affecting known game engines like Unreal, Source, Crysis, idTech, Lithtech and many other single games.

  • Game-related Software and Digital Content Delivery Systems

    Our researchers have found the largest amount of vulnerabilities affecting various software like Steam, EA Origin, Punkbuster, TeamSpeak, Ventrilo and others.

  • Online Poker and Gambling Software

    We have released various public research covering core software like B3W, Microgaming and Playtech, they are used by important skins like Yachting Poker, PKRaise, Unibet, Titan Poker, William Hill Poker and Bet365 Poker.

  • Industrial Software

    Our researchers have covered the widest range of SCADA and industrial-related software of companies like General Electric, Siemens, ABB, Rockwell, Invensys, Schneider, InduSoft, CoDeSys and many others.

  • Server-side Software

    Our researchers have found vulnerabilities in products of companies like Microsoft, HP, EMC, MySQL, Novell, TrendMicro, Symantec, Sybase, McAfee, Borland, SAP and others.

  • SmartTV Security

    We have released various research on products like Samsung and Philips, probably the most known is the Miracast backdoor affecting all the Philips 2013 models.

Feel free to consult our Research and Press pages for references about our public works.

Contact us for additional information.

Consulting

We are available for other tasks not covered by the previous services.

We offer professional consultancy on various security aspects and we can work together with your development team to find the best solutions for any security-related problem in any phase of product development, both before and after the release on the market.

We are also available for specific projects.

Contact us for additional information.

News Top Research

Papers

We periodically release public research about various topics, covering a wide range of security and design issues.

Although such content is rich of technical information, we try our best to make our papers readable and accessible to the largest audience.

Exploiting Steam Lobbies and Matchmaking

18 Sep 2014

Description of the security vulnerabilities that affected the Steam lobbies and all the games using the Steam Matchmaking functionalities.

Summary: A single attacker was able to easily deny the online experience of many multiplayer games sold on Steam.

Steam Service Security

10 Jul 2014

How a malware or an exploit can use the Steam local service to escalate its privileges.

Summary: Unpatched local privilege escalation issues in the Steam Client Service.

Steam Voip Security

04 Jul 2014

Overview and details about the security issues found in the Steam voice framework.

Summary: Description of various remote security vulnerabilities that affected the voip API used by Steam and various games.

Owning Render Farms via NVIDIA mental ray

10 Dec 2013

This paper details a vulnerability affecting NVIDIA mental ray, which allows an attacker to take control over a mental ray based render farm.

Game Engines: A 0-Day's Tale

20 May 2013

This paper details several issues affecting different game engines. All the vulnerabilities discussed in this paper are 0-days, at time of writing.

An Overview Of Online Poker Security

10 Apr 2013

Security research conducted against a set of online poker solutions, highlighting the current status of this lucrative industry.

"Online Gaming (also known as Online Gambling and iGaming) is a successfully growing market, and Online Poker is its main sector with millions of players all around the world betting with real money..."

Battlefield Play4Free Arguments Injection

22 Mar 2013

In this paper we will detail a remote code execution vulnerability in Battlefield Play4Free exploitable via web browser on some Operating Systems. The vulnerability was first presented by ReVuln at Black Hat Europe 2013, as part of a talk covering several interesting aspects related to games security.

Multiplayer Online Games Insecurity (white paper)

22 Mar 2013

White paper of the presentation given at Black Hat Europe 2013

EA Origin Insecurity (when local bugs go remote... again)

15 Mar 2013

In this paper we will uncover and demonstrate a novel and interesting way to convert local bugs and features in remotely exploitable security vulnerabilities by using the well known EA Origin platform as attack vector against remote systems.

Call of Duty: Modern Warfare 3 NULL pointer dereference

13 Nov 2012

In this paper we describe a pre-auth server-side NULL pointer dereference vulnerability in Call Of Duty: Modern Warfare 3, which is due to an issue related to the DemonWare query packets. This vulnerability can be exploited to perform Denial of Service (DoS) attacks against game servers.

Steam Browser Protocol Insecurity (when local bugs go remote)

15 Oct 2012

In this paper we will uncover and demonstrate a novel and interesting way to convert local bugs and features in remotely exploitable security vulnerabilities by using the well known Steam platform as attack vector against remote systems.

Presentations

The following are the slides of the talks we performed at the conferences listed on the Conferences section.

Reloading Java Exploits

02 Jun 2014

Presented at Hack In The Box Europe 2014.

SmartTV Insecurity

27 May 2014

Presented at PHDays IV 2014.

Securing ICS Applications When Vendors Refuse Or Are Slow To Produce a Security Patch

17 Jan 2014

Presented at S4 (SCADA Security Scientific Symposium) 2014

Smashing Exploit Detectors: The Java Exploits Case

11 Nov 2013

Presented at CounterMeasure 2013

Exploiting Game Engines for Fun and Profit

20 May 2013

Presented at NoSuchCon 2013

Multiplayer Online Games Insecurity

22 Mar 2013

Presented at Black Hat Europe 2013

A 0-day's life: "Offense as Defense"

08 Feb 2013

Presented at Suits and Spooks DC 2013

Owning Multiplayer Online Games

13 Nov 2012

Presented at Power of Community 2012

Services Top Events

Conferences

We periodically attend various security conferences as speakers, for releasing the results of some of our research.

The following is the list of conferences that we will attend and those we attended in the last years.

The slides of these conferences are available in the Presentations section.

Hack In The Box 2014

29 May 2014 - Amsterdam, Netherlands

Reloading Java Exploits: Long Live Old JRE!

Positive Hack Days (PHDays)

21 May 2014 - Moscow, Russia

Smart TV Insecurity

SCADA Security Scientific Symposium 2014

14 January 2014 - Miami, USA

Securing ICS Applications When Vendors Refuse Or Are Slow To Produce a Security Patch

Countermeasure 2013

07 November 2013 - Ottawa, Canada

Smashing Exploit Detectors: The Java Exploits Case

NoSuchCon 2013

15 May 2013 - Paris, France

Exploiting Game Engines For Fun And Profit

Suits&Spooks 2013 DC

08 Feb 2013 - Washington DC, USA

A 0-days life: Offense as Defense

Black Hat Europe 2013

12 Mar 2013 - Amsterdam, Netherlands

Multiplayer Online Games Insecurity

SCADA Security Scientific Symposium 2013

16 Jan 2013 - Miami, USA

Experimental Project for SCADA/HMI Defense

Power Of Community 2012

08 Nov 2012 - Seoul, South Korea

Owning Multiplayer Online Games

Research Top About

Company

ReVuln Ltd. is an European security company focused on performing various types of security research on a wide range of fields.

The company was founded the 13th September 2012, we are a privately held company company (C 57557) financed with the own internal sources.

We are located in Malta and we operate worldwide.

The founder and owner of the company is the security researcher Luigi Auriemma (Milan, Italy).

Luigi has a wide and proved experience in vulnerability research since 2001, he maintains one of the biggest collections of personal full-disclosure security advisories available.

His public findings cover multiple types of products: multiplayer online games, game related software, SCADA/HMI software, enterprise servers, media players, SmartTV, P2P software and more.

ReVuln Ltd.
Level 3, Theuma House, 302, St.Paul Street
Valletta VLT1213
Malta

Testimonials

We are long term security partners of Epic Games for which we provide security support, assessment and consulting for their new Unreal Engine 4 product.

More information about the partnership are available on their blog post Epic Games Enlists ReVuln to Augment Security Efforts.

Press

Our company has ever received an important media coverage since the beginning.

The 14th July 2013 we were on the first page of New York Times for an article regarding the scenario of vulnerability brokers and governments: Nations Buying as Hackers Sell Knowledge of Software Flaws, the original frontpage is available here.

We strongly believe that the press is not only a way to diffuse the name of the company, it's moreover the opportunity for our research and work to reach a wide audience and allowing more people to understand and discuss about security.

The following is a brief collection of the media coverage we received.

Events Top News