<![CDATA[I wrote a thing about a thing.]]>I wrote a thing about a thing.

Specifically, Finding Vulnerabilities with Crassus – A Case Study with ESET.

I created Crassus on a whim a few years ago, and it's interesting to see that it still can find things.

It's also interesting (disappointing) that reporting vulnerabilities to vendors is still as painful as ever.

Link Preview Image
]]>https://board.circlewithadot.net/topic/e831a9aa-b13c-4354-8dbd-1b7664b9ced9/i-wrote-a-thing-about-a-thing.RSS for NodeThu, 16 Apr 2026 04:13:11 GMTFri, 03 Apr 2026 20:58:45 GMT60<![CDATA[Reply to I wrote a thing about a thing. on Sat, 04 Apr 2026 11:55:51 GMT]]>@j91321
Thanks.

I think at the end of the day, "Product <foo> is vulnerable, but product <bar> mitigates it", does not change the fact that "Product <foo> is vulnerable"

Specifically, in my original analysis, I installed the product with ESET Endpoint Antivirus 11.0.2044.0, and that product does not do anything to mitigate the vulnerability.

I don't know if it's an EEA vs. EES thing, or a version number thing. But either way, it is indeed possible to install ESET Inspect Connector in a way that truly is vulnerable.

Personally, I think that if ESET Inspect Connector contains a vulnerability, then that product itself should get the attention it needs to mitigate it, without relying on another product to mitigate it.

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/wdormann/statuses/116346306645003557https://board.circlewithadot.net/post/https://infosec.exchange/users/wdormann/statuses/116346306645003557Sat, 04 Apr 2026 11:55:51 GMT<![CDATA[Reply to I wrote a thing about a thing. on Sat, 04 Apr 2026 06:34:05 GMT]]>@wdormann Hey, thanks for the report and sorry about that response. Whoever wrote it was not being very helpful, I'll look into that. By "another product" they mean ESET Endpoint Security which has a driver that (should) enforce self-defense on the path. Without EES, EIConnector doesn't work. That however doesn't make this finding invalid, if you are somehow able to install one without the other.

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/j91321/statuses/116345041417367297https://board.circlewithadot.net/post/https://infosec.exchange/users/j91321/statuses/116345041417367297Sat, 04 Apr 2026 06:34:05 GMT<![CDATA[Reply to I wrote a thing about a thing. on Sat, 04 Apr 2026 02:26:24 GMT]]>@FritzAdalis @wdormann also came here to say exactly this. Kudos 😎

I've been looking to play around with this for a while as it looks awesome.

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/Slater450413/statuses/116344067493968795https://board.circlewithadot.net/post/https://infosec.exchange/users/Slater450413/statuses/116344067493968795Sat, 04 Apr 2026 02:26:24 GMT<![CDATA[Reply to I wrote a thing about a thing. on Fri, 03 Apr 2026 23:50:48 GMT]]>@FritzAdalis
I'm flattered that you even knew about it! 🎉

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/wdormann/statuses/116343455664084402https://board.circlewithadot.net/post/https://infosec.exchange/users/wdormann/statuses/116343455664084402Fri, 03 Apr 2026 23:50:48 GMT<![CDATA[Reply to I wrote a thing about a thing. on Fri, 03 Apr 2026 22:12:50 GMT]]>@wdormann
You did Crassus? Nice, thanks.

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/FritzAdalis/statuses/116343070449393224https://board.circlewithadot.net/post/https://infosec.exchange/users/FritzAdalis/statuses/116343070449393224Fri, 03 Apr 2026 22:12:50 GMT<![CDATA[Reply to I wrote a thing about a thing. on Fri, 03 Apr 2026 21:31:20 GMT]]>@wdormann "Currently it is not possible to improve behavior."

-____________-

]]>https://board.circlewithadot.net/post/https://hachyderm.io/users/stephen0x2dfox/statuses/116342907217673608https://board.circlewithadot.net/post/https://hachyderm.io/users/stephen0x2dfox/statuses/116342907217673608Fri, 03 Apr 2026 21:31:20 GMT