Wed, 01/19/2022 - 10:45 During my 6-month internship, I developed a tool to ease vulnerability research on Java applications. I used several software packages and libraries, and faced a number of issues throughout the development of this tool, Captain Hook. This article describes Captain Hook's development process from the beginning along with its challenges.
Fri, 01/14/2022 - 18:01 Why you never managed to connect to this fre*king NTLM EPA protected website and how to finally reach it.
Mon, 11/22/2021 - 15:15 Several publications already describe this type of attack; this document is operational feedback from the CSIRT Synacktiv on several BEC incidents involving the Microsoft 365 service. This is part one of this publication.
Thu, 11/04/2021 - 11:32 During a penetration test we encountered the ManageEngine ADSelfService Plus (ADSS) solution. ADSS offers multiple features, such as managing password policies for administrators or self-service password reset and account unlock for Active Directory users. We decided to dig into this solution. However, our research had barely started when in-the-wild exploitation of this solution was announced. In this article we will explore the details of several vulnerabilities that allow an unauthenticated attacker to execute arbitrary code on the ...
Thu, 10/28/2021 - 10:21 We found a new Java gadget chain in the Mojarra library, one of the most used implementations of the JSF specification. It uses a known entry point to start the chain and ends with arbitrary code execution through Java's Expression Language. It was tested on versions 2.3 and 3.0 of the Eclipse implementation of the JSF specification.
Tue, 10/26/2021 - 10:40 Used to interact with the various ECUs (Electronic Control Units) in a car, the UDS (Unified Diagnostic Services) protocol is widely deployed by car manufacturers. This generic high-level protocol is used to read ECU state, configure ECUs or even update their firmware. When an ECU's implementation lacks cryptographic support, the security level can decrease dramatically. This short blog post presents a hardware attack that exposes all diagnostic functions to an unauthorized tester.
Tue, 09/28/2021 - 09:29 Quantum computing. Among all the fashionable IT buzzwords, this one features prominently. Quantum computing, or the idea people have of it, feeds a lot of fantasy. This trend is fed by news outlets that sometimes relay hazy information about a topic they do not fully grasp. Getting a precise view of the state of quantum computing and its implications for security is not easy if you are not familiar with the topic. In this article, we will try to answer this seemingly simple question: is it post-quantum time yet?
Fri, 09/17/2021 - 16:06 Reverse-engineering a hashing mechanism and optimizing password cracking
Wed, 09/08/2021 - 12:59 Usually we don't write blog posts about CTF challenges, but we recently stumbled across a challenge that was a good opportunity to talk about several macOS/iOS internals, security mechanisms and exploitation methods...