Tue 15/12/2020 - 13:25 Lumina is a built-in function recognition feature of the well-known IDA Pro disassembler that relies on an online signature database. Unfortunately, the database server is not available for local private use. Have you ever raged at a mistyped hotkey that sent your database content to the Lumina servers, wondered how it works, what kind of data is sent, and wished for a local server under your control? This blog post might answer some of your questions.
Thu 10/12/2020 - 07:39 Despite an active console hacking community, only a few public PlayStation 4 exploits have been released. In this post, we will give a walk-through of the exploitation of a 0-day WebKit vulnerability on 6.xx firmware.
Wed 09/12/2020 - 09:23 SoCs usually have the capability to customize the hardware behavior at system boot based on the value of input pin states called the configuration word. However, the set of pull-up and pull-down resistors that control the configuration word can be hard to locate, especially on chips using BGA packages. In this study you will see that you don't always have to use expensive equipment to uncover these pins; sometimes all you need is a scope, a decent camera and knowing what you're looking for.
Tue 01/12/2020 - 10:09 Back in the beginning of November, Project Zero announced that Apple had patched a full chain of vulnerabilities that were actively exploited in the wild. This chain consists of 3 vulnerabilities: a userland RCE in FontParser as well as a memory leak and a type confusion in the kernel. In this blog post, we will describe how we identified and exploited the kernel memory leak.
Thu 26/11/2020 - 16:19 You have probably already encountered a fanatical WAF during an engagement that drove you crazy by preventing your almighty SQL injection from being exploited properly. This will never happen again thanks to a novel advanced technique based on artificial intelligence and blockchain analysis. Read this article to find out how. Disclaimer: this is click-bait.
Wed 25/11/2020 - 12:43 In this blog post, we will see what happens when two security researchers find a random printer and then manage to find vulnerabilities in it.
Thu 05/11/2020 - 09:16 In order to better protect its users, NBS System asked Synacktiv to perform a source code review of Naxsi, a well-known open source Web Application Firewall (WAF). During this audit, Synacktiv discovered several vulnerabilities that could allow bypassing the application of the filtering rules. This short blog post will present the most critical vulnerabilities and how they were fixed by NBS System. The fixes were published in version 1.1a shortly after they were reported: https://github.com/nbs-system/naxsi/releas...
Thu 03/09/2020 - 13:44 As you may already know, we collaborated with the Zero Day Initiative to disclose a vulnerability in Ubuntu's ppp package. This vulnerability has been assigned the identifiers ZDI-CAN-11504 / CVE-2020-15704.
Wed 26/08/2020 - 09:12 Have you ever compromised a Cisco ISE with CVE-2017-5638? But what could you do next? That is good network access, but it can actually give you more. After a little digging, we found that guest passwords were stored in plaintext or encrypted (configuration dependent). This article explains how to extract the encrypted passwords and the encryption key, and why it matters.
Tue 04/08/2020 - 12:35 On 23/07/2020, we published a study of the DJI GO4 application. This application, which is used to control a drone, is dedicated to the consumer-grade aircraft segment. We also studied DJI Pilot, the application dedicated to professionals and companies, in order to assess its security and look at the differences between the two apps. We found issues in this application similar to those listed in our previous blog post, such as a forced update mechanism.