Publications

Fuzzing confused dependencies with Depfuzzer

25/09/2024
Outils
In the landscape of software development, leveraging open-source libraries and packages through registries like NPM, PyPI, Go modules, and Crates for Rust has become standard practice. This approach facilitates the rapid integration of diverse functionalities into applications, driving both innovation and efficiency across the development community. While the benefits of using these resources are clear, the management of external dependencies introduces a set of considerations regarding security and maintainability. Inspired by Alex ...

Defend against vampires with 10 gbps network encryption

13/09/2024
Réseau
Cryptographie
Pentest
Système
Discover how attackers can sniff your data on network cables and how you can defend against it, by encrypting on-the-fly all your ethernet traffic with very good performance. Keywords : wireguard, vxlan, tapping, fiber optics, lan2lan, macsec

Diving into ADB protocol internals (1/2)

12/09/2024
Développement
Outils
For those having experience working on Android devices, you may already be familiar with a useful tool called adb. This tool is invaluable for debugging, offering a unified way to execute shell commands, transfer files, install APKs, and much more. In this first blogpost, we will explore its underlying protocol between client and server and introduce a Rust crate called adb_client implementing it.

Using Veeam metadata for efficient extraction of Backup artefacts (2/3)

30/08/2024
CSIRT
In a previous blogpost, we explored Veeam Backup & Replication's "backup chain metadata" files and how to parse them in a comprehensive Velociraptor artifact. In this article, we complement our findings with metadata embedded directly in VBR's Storage files. Then, we create a Velociraptor pipeline to remotely access relevant forensic artefacts in backed up data. This aims to enable DFIR analysts to extend the time horizon in their investigations using Veeam backups and Velociraptor, while minimizing network bandwidth usage and extensi...

Quantum readiness: Hash-based signatures

26/08/2024
Cryptographie
Building robust digital signature algorithms is one of the main challenges in post-quantum cryptography, as classical signatures such as ECDSA and RSA are broken by quantum computers. Thankfully, in the past decades, the academic field has come up with multiple quantum-resistant algorithms which are now being standardized and implemented in modern software. This article highlights XMSS and SPHINCS+, two digital signature algorithms which rely on the well-known robustness of hash functions against quantum computers. However, each one c...

LAPSUS$ is dead, long live HexaLocker?

18/08/2024
CSIRT
The LAPSUS$ threat group has been known since 2021 for spear phishing, data theft, and extortion against large companies (e.g., Microsoft, Nvidia, Uber). Although evidence of destruction methods was reported, there was no known use of ransomware. In June 2024, LAPSUS$ announced its closure. However, two months later, a new ransomware called HexaLocker was advertised on Telegram channels. Its "only real" admin and probable developer is ZZART3XX, one of the LAPSUS$ administrators. This article will dissect the HexaLocker ransomware samp...

SCCMSecrets.py: exploiting SCCM policies distribution for credentials harvesting, initial access and lateral movement

14/08/2024
Pentest
SCCM policies are a prime target for attackers in Active Directory environments as they may expose – intentionally or otherwise – sensitive technical information such as account credentials. Said credentials could be retrieved by authenticated attackers impersonating a registered device, or in some cases from an unauthenticated position by exploiting misconfigurations on policies distribution. SCCMSecrets.py is a python utility that builds upon existing SCCM research. It goes beyond NAA credentials extraction, and aims to provide...

GitHub Actions exploitation: Dependabot

06/08/2024
Pentest
Following our GitHub action exploitation series, we found a new GitHub action exploitation technique leveraging the Dependabot GitHub app to compromise some repositories, leading to arbitrary code push. In this article we will explain how we discovered it and illustrate with 2 real world examples which are the Spring-security and trpc projects.

Battle of the parsers: PEG vs combinators

25/07/2024
Développement
Outils
Système
In this article we will compare two parsing strategies : PEG based and combinators based, from a developer's perspective, to parse Strace output for the SHH (Systemd Hardening Helper) Rust project.

Injecting Java in-memory payloads for post-exploitation

23/07/2024
Pentest
Back in March, we described tips that could be used when exploiting arbitrary deserialization on Java applications. During the next red team engagements, we faced Java applications affected by other kind of vulnerabilities leading to code execution. This article will try to present a few other tricks that were used to inject an in-memory Java payload, illustrated with concrete examples by targeting well-known applications.