What is Vulnary?

The Vulnary framework was developed by Hacktivity Labs. Our aim was to provide a tool for auditing and vulnerability testing of Windows applications, as there is no tool on the market currently that can determine in minutes whether an application contains vulnerabilities or not.

The tool is designed for applications used in IT systems, so the operators do not have to trust them blindly before they start using them on a wide scale. On the other hand, if an operator is already using an application that has one or more errors, the problem can be immediately identified via Vulnary.

There are many free and paid services available to determine whether a given application performs harmful activity during its operation. But there is no framework that can examine whether the developer of the application has made any mistakes leading to a vulnerability that can be exploited by an attacker.

With the help of Vulnary you can audit an application and generate a report in minutes, which helps with the evaluation, and the automatically generated report is itself suitable for notifying the developer in order to get the error repaired as soon as possible.

Furthermore, the report we receive is detailed enough to support further analysis of the application. Using the framework can help to audit a large number of applications effectively and quickly. Without Vulnary this type of application testing takes a very long time and requires the knowledge of a skilled and experienced professional. In addition, using Vulnary and interpreting the reported errors needs much less professional knowledge, so less qualified colleagues can also run a large number of vulnerability tests securely.

VULNERABILITIES LIFE-CYCLE

Release it, Find it
Fix it, Re-release it

Nowadays everybody uses many tools and services from different sources. These sources have different standards and abilities to develop their products. People who use these products have not had a chance to test them, so they have had to trust them blindly. Until now...

Why Choose Vulnary?

As a developer, you can find the bugs right before the release
As an end-user you can find the bugs before mass installation
Find software vulnerabilities immediately
Speed up the vulnerability life-cycle

Initial Release

Releasing a product which contains a bug

Detection

Someone detects/finds the vulnerability in the product

Start Fixing

If the vendor notices the bug, it starts fixing it (usually 30-90 days are needed)

Re-Release

When the patch/update is ready, it is re-released (usually 30-90 days needed)

OUR CURRENT FEATURES

Vulnary's current version can detect 3 types of software bugs:

DLL Hijack

- Persistence (most AV products can't detect this technique)
- Credential/info theft (security products try to block traditional code injection techniques; however, this is an open door)

COM Hijack

When the COM subsystem is (ab)used:
- malicious actors can inject code and elevate privileges
- ITW (In The Wild) malware uses this technique

Local Privilege Escalation

Since Vulnary takes the process privilege level into account, it can easily detect Local Privilege Escalation vulnerabilities.