Publications

How to exploit Liferay CVE-2020-7961 : quick journey to PoC

Mon 30/03/2020 - 16:48
Pentest
Liferay is one of the best-known CMSs written in Java, and one that we sometimes encounter during assessments. Last week, we stumbled on the blog post from Code White Security entitled "Liferay Portal JSON Web Service RCE Vulnerabilities" describing an interesting issue. Unfortunately, there is no PoC associated with it, but as we love RCEs at Synacktiv, this is a good opportunity to learn something.

Pentesting Cisco SD-WAN Part 1: Attacking vManage

Wed 25/03/2020 - 16:13
Pentest
In late 2019, a customer asked Synacktiv to perform, in a few days, a security assessment of their SD-WAN project based on the Cisco SD-WAN solution. During this engagement, we found a few interesting vulnerabilities in different components. For this first article, we will focus on the vManage component, which was recently patched to address the following vulnerabilities: CVE-2019-16012 (vManage Cypher Injection) and CVE-2019-16010 (vManage Stored XSS).

Azure DevOps Build Agent analysis

Tue 28/01/2020 - 16:55
Pentest
Azure DevOps is increasingly used by customers as Microsoft pushes them to replace their on-premises VSTS Server with the cloud version, Azure DevOps. So what can we do if we compromise a build agent? Or even a basic developer account? This article aims to explain how the whole build job process works and what it can be (ab)used for.

Pwning an outdated Kibana with not so sad vulnerabilities

Thu 12/12/2019 - 08:09
Pentest
During a recent engagement, we came across an old, outdated instance of the Kibana software. It was affected by two severe public vulnerabilities (CVE-2018-17246 and CVE-2019-7609). However, in that context, neither of them was readily exploitable. In this article, we describe how we managed to take over the software all the same, with a new exploitation technique. Don't expect any 0-dayz dropping in the following, only a new way to exploit two already known issues.

Practical DMA attack on Windows 10

Wed 30/05/2018 - 13:16
Hardware
Pentest
Among the various security assessments performed by Synacktiv, some involve attacking the security hardening of a laptop or workstation master image that will be massively deployed in an infrastructure. The purpose of this kind of security assessment is to give the client an overview of its level of maturity regarding security concerns and to provide it with some recommendations in order to increase its level of security. This post describes how Synacktiv defeated a workstation's security measures by using a hardware appro...