THE ISSUES OF COMPUTER SECURITY IN 2020

IN 2020, WHO CAN ASSERT NOT TO OWN ANY CONNECTED DEVICE? COMPUTERS, SMARTPHONES, TABLETS, TELEVISIONS, DOMOTICS ... WE LIVE IN AN ULTRA-CONNECTED WORLD AND THIS IS NOT LIKELY TO CHANGE ANYTIME SOON.

Information has become the most valuable asset in the social, political and industrial contexts. Therefore, the protection of information assets often turns out to be crucial when it comes to ensuring the sustainability of industrial or state organizations - although at first glance it may appear to represent additional costs with no return on investment.

The press increasingly spreads the word about the disclosure of users' personal data, ransom demands via ransomware and compromises of large companies. The resources deployed to safeguard data are increasing at the same pace as those engaged to breach through the security barriers.

Cybersécurité

Cybersecurity is now the crux of the matter

picto-espionnage

Political and industrial espionage

picto-rançon

Ransom demand via ransomware

picto-atteinte à l'image

Reputational damage

picto-destruction patrimoine

Destruction of information assets

Case study

Most frequent cases

Spear-phishing

Our team sends a malicious email to a dozen user. Two users enable the macro, which allows us to take over the workstations. The team then pivots towards the internal network, escalates privileges and exfiltrates the mission trophies.
Spear-phishing

Vulnerable front-end server compromise

Our team identifies a critical vulnerability in an application exposed on the Internet, compromises a server, then another, and gradually accesses the internal network to demonstrate to the mission's sponsor that it is possible to access the defined trophies.
Vulnerable front-end server compromise

Reuse of authentication secrets

The team finds the passwords of several employees in public data breaches. Some passwords are still valid on an extranet which does not require two-factor authentication. A vulnerability on this extranet leads to the compromise of the internal domain and to the retrieval of sensitive data.
Reuse of authentication secrets

SYNACKTIV, A GUARANTEE OF TECHNICAL EXPERTISE

At Synacktiv, we make it a point of honor to ensure our clients' satisfaction. Such a result can only be achieved through state-of-the-art technical expertise and a thorough understanding of today's threats. Because we strive for constant improvement, we take part in international conferences and "Capture the Flag" competitions to perfect our knowledge and intrusion techniques.

 

Témoignages

Testimonials

Our expertise allows us to meet our clients' requirements precisely and to focus on the aspects they deem most important.
Dailymotion

Sébastien Gaïde

CTO
Experts in penetration testing, and very familiar with the technologies we use, Synacktiv proved to be an excellent choice: a perfectly mastered methodology ensuring the exhaustiveness of the test surface, up to the very detailed report allowing to further improve the security of our platform.
qonto

Marc-Antoine Lacroix

CTO
In the banking sector more than elsewhere, security is a key issue. We call upon Synacktiv on a regular basis to ensure the level of our practices, to make them evolve and to validate the security of our platform.
SPB

Fabien Desmoulins

CISO
Synacktiv's support was precious when I took over as Information Systems Security Manager of the SPB Group. The training provided by Synacktiv's teams allowed me to improve my technical knowledge and to better understand the threats.

The latest news

Bypassing Naxsi filtering engine

Exploit
In order to better protect its users, NBS System has asked Synacktiv to perform a source code review of Naxsi, a famous open source Web Application Firewall (WAF). During this audit, Synacktiv discov...
Learn more