Publications

netdata apps.plugin security fixes

jeu 19/04/2018 - 15:54 Synacktiv met netdata in the wild in the last few months. This blog post aims at telling the story of a vulnerability which was first forgotten 1 year ago and then partially fixed. On a standard setup, the vulnerability can be exploited by gid netdata to read arbitrary files owned by root. On a weak setup (as seen in the wild by Synacktiv), the vulnerability can be exploited by all users.

HP iLO talk at Recon Brx 2018

mer 07/02/2018 - 15:59 Since we presented our vulnerability in HP Integrated Lights-Out (iLO) 4 to Recon Brussels, we are now releasing the slides and tools that were developed during our study.

RCE vulnerability in HP iLO

mar 12/09/2017 - 12:59 On August 28th, HP published a security bulletin regarding a critical vulnerability in HP Integrated Lights-Out (iLO) 4. This blog post aims at giving some details about this vulnerability, and a few hints for administrators to protect their servers. This research only applies to iLO version 4.