Krash Consulting has been serving in the Cyber Security space to secure our client’s data for over fifteen years. We have delivered our expertise from start-ups to world-leading organizations of various domains, including IT/ITES (Information Technology/Information Technology Enabled Services), BFSI (Banking, Financial Services, and Insurance), Government, Healthcare and manufacturing. We have provided our services in India, Singapore, Saudi Arabia, Kuwait, UAE, Bahrain, Oman, Iran, Morocco, and Mauritius.
Our strengths in the area of reverse engineering, exploit development, fuzzing, and penetration testing makes us exclusive in the field of Cyber Security. Finding zero-days for Microsoft, Google, Mozilla, and others have also kept us busy for over a decade.
Our specialized areas of training include Advanced Metasploit, Fuzzing for vulnerabilities, Malware Analysis, and Writing Exploits, which we have delivered at Domestic and International Security Conferences. We also have enabled our presence at Cyber Security conferences around the world like ZERONIGHTS (Moscow, Russia), DEFCON (Las Vegas, USA), Black Hat (Las Vegas, USA), and NullCon (Goa, India).
In the heart of India’s High-Tech City Hyderabad, Krash Consulting has high-end infrastructure capable of executing large and mission-critical assignments with all support services and modern tools.
Our highly experienced security squad is in the penetration testing and ethical hacking industry for around 15 years. We adhere to transparent communication to make sure you do not get surprises on the report. Our assessments provide you with valuable insights into discovered vulnerabilities, the impact of breaches, and remediation steps to reduce exposure.
Our Penetration Testing focuses on a systematic approach to uncover vulnerabilities and saves you from any security breach and aligns with established standards and practices, combined with extensive expertise and experience.
Our values are on the belief of being focused on our strategic testing, being consistent in providing expert solutions, and continuously improving our methodologies and delivering quality service to our partners consistently.
- Planning and execution by highly skilled cybersecurity experts
- Strict rules of engagement
- Thoroughly researching your employees
- A firmly established level of effort
- Hand-crafted penetration attempts
- Thoroughly documented reports and suggestions
- Comprehensive coverage of the vulnerabilities.
- Severity – indicating the criticality of the issues found
- Analysis – Step-by-Step reproduction of the vulnerability so that the owners of the application/server find it easy to patch/re-configure
- Recommendation – Easiest possible ways to fix the issues found
Software flaws found by Krash Consulting
Krash Consulting is tasked with the investigation of software packages to find new flaws. Once found, we work with the software owner to get the flaw registered (CVEs), and then we assist with the quickest resolution possible by providing detailed technical information, including proof of concept code. This list of advisories provides insight into the specific vulnerabilities reported.
Google Chrome – Texture11 Memory Corruption in ANGLE (CVE-2018-17466)
Google Chrome – Stack buffer overflow in SwiftShader (CVE-2018-16082)
Google Chrome – Heap buffer overflow in WebGL TexImage3D (CVE-2018-6162)
Google Chrome – Heap buffer overflow in WebGL FreeIds (CVE-2018-6154)
Microsoft Edge Memory Corruption Vulnerability (CVE-2018-8387)
Microsoft Edge Memory Corruption Vulnerability (CVE-2018-8262)
Apple Safari – Memory Corruption in WebKit webGL (CVE-2018-4261)
Microsoft Excel Information Disclosure – Formula Record (CVE-2018-8163)
Microsoft Excel Remote Code Execution – Formula Record (CVE-2018-8162)
Apple Safari – Memory Corruption in WebKit webGL (CVE-2018-4130)
Microsoft Excel Remote Code Execution Vulnerability(CVE-2018-0796)
Google Chrome – Use after free in Blink(CVE-2018-6060)
Google Chrome – Heap buffer overflow in WebGL(CVE-2018-6073)
Mozilla Firefox- Buffer overflow when drawing and validating elements with ANGLE library using Direct 3D 9 (CVE-2017-7845)
Microsoft Edge – Information Disclosure Vulnerability (CVE-2017-11844)
Microsoft Edge – Memory Corruption Vulnerability (CVE-2017-11845)
Google Chrome – Use after free in WebAudio (CVE-2017-5129)
Google Chrome – Heap overflow in WebGL (CVE-2017-5128)
Firefox – Buffer overflow when drawing and validating elements with ANGLE (CVE-2017-7824)
Google Chrome – Out of bounds read in webGL (CVE-2015-1240)
Internet Explorer 11 – CSVGMarkerElement Use-After-Free (CVE-2015-1668)
Internet Explorer 11 – SVG Marker Use-After-Free (CVE-2015-0043)
Internet Explorer 11 – SVG Marker Use-After-Free (CVE-2015-0042)
Internet Explorer 11 – Cell Resizing (CVE-2014-4128)
Internet Explorer 11 – CSVGSVGElement Use-After-Free (CVE-2014-6354)
Internet Explorer 11 – CElement (CVE-2014-4145)
Internet Explorer 11 – first-letter Use-After-Free (CVE-2014-4050)
Internet Explorer 11 – Memory Corruption (CVE-2014-1772)
Internet Explorer 11 – Microsoft IE CSS Property / Unicode Character Handling Heap Buffer Overflow (CVE-2014-0313)
Microsoft Windows Direct2D Crafted 2D Geometric Figure Handling Memory Corruption (CVE-2014-0263)
Internet Explorer 10 – CElement Use-After-Free (CVE-2013-3150)
Internet Explorer 10 – CTreePos Use-After-Free (CVE-2013-3125)
Internet Explorer 10 – SmartDispClient Type Confusion (CVE-2013-3124)
Internet Explorer 10 – CSVGMaskElement Double-Free (CVE-2013-3118)
Internet Explorer 10 – LsGetTrailInfo (CVE-2013-0022)
Internet Explorer 10 – SetCapture (CVE-2013-0018)
Internet Explorer 9 – CFormElement (CVE-2012-1538)
Internet Explorer 9 – Attribute Remove (CVE-2012-1524)
GDI+ Record Type Vulnerability (CVE-2012-0165)
Excel SXLI Record Memory Corruption Vulnerability (CVE-2012-0184)
Excel File Format Memory Corruption in OBJECTLINK Record Vulnerability (CVE-2012-0142)
Excel File Format Memory Corruption Vulnerability (CVE-2012-0141)
Google Chrome – Memory corruption in Skia (CVE-2011-3065)
Excel Out of Bounds Array Indexing Vulnerability (CVE-2011-1990)
RealPlayer SIPR Heap Buffer Overflow Vulnerability (CVE-2011-2945))
Excel Out of Bounds Array Access Vulnerability (CVE-2011-1274)
Excel Memory Corruption Vulnerability (CVE-2011-1277)