Binder Secctx Patch Analysis

At the beginning of 2019, a new feature was added to the Binder kernel module. This patch allows the caller's SELinux context to be sent in a Binder transaction. This feature was in fact a fix for CVE-2019-2023. This vulnerability is related to an unsafe use of the getpidcon function, leading to an ACL bypass.

This article studies the details of this patch and its impact on security.

Winter 2019 internship offers

As every year, we are opening several internship offers on projects used internally by our team. If you are interested in one of them, please send us a message at apply@synacktiv.com with the relevant offer in the subject line.

Scraps of Notes on Exploiting Exim Vulnerabilities

Recently, Qualys published an advisory about a severe vulnerability impacting Exim MTA: CVE-2019-15846. In their report, they even claim that they do have a PoC granting a remote attacker root privileges. The report was followed by instant alarmist articles: "Millions of Exim servers vulnerable to ..."

Back in 2018, we quite successfully developed a PoC (that was never released) for another vulnerability (CVE-2018-6789) in Exim, based on the well-detailed post published by Devcore. So, we decided to do the same with the newly disclosed vulnerability.

In this post, we present an overview of Exim internals from the exploitability point of view. We then present our notes on exploiting both vulnerabilities, along with the PoC.

BFS 2019 Exploitation Challenge

On September 7th, 2019, BFS published an exploitation challenge on Windows 10 x64 to win an entry to the BFS-IOACTIVE party during the Ekoparty conference. This blog post describes a successful resolution of the challenge.

"No grave but the SIP": Reversing a VoIP phone firmware

When conducting internal intrusion tests, it can be interesting to gain access to the phones used by a client, as they are often connected to an internal network and can provide some kind of persistent access. This article presents the research done to get a good grasp of the firmware of Yealink …

Job offer: front-end web and mobile developer

A front-end web and mobile developer position is opening in our team!

It joins the positions already open: pentester, reverser, developer and sysadmin.

2019 summer challenge writeup

The 2019 summer challenge is now closed! This was a bit of a departure from the usual hardened binaries, as it showcased a programming model that is not a distant relative of the Turing machine. This article gives a high-level overview of the challenge's solution, along with some behind-the-scenes comments.

Exploiting a No-Name FreeBSD Kernel Vulnerability

Introduction

A new patch was recently shipped in FreeBSD kernels to fix a vulnerability (CVE-2019-5602) present in the cdrom device. In this post, we introduce the bug and discuss its exploitation on pre- and post-SMEP FreeBSD revisions.

2019 summer challenge: Alonzo!

The Synacktiv summer challenge is back!

icmp-reachable

A strange behavior was observed by Synacktiv experts during the security assessment of a stateful firewall implementation... After a few coffees and RFCs, it was understood that it could be a generic issue that might affect multiple IP stacks. So... what is a strange firewall behavior?
