Thu 23/07/2020 - 16:41
Drones are currently one of the most dynamic products, with multiple use cases across sectors such as personal and commercial videography, farming and land surveying, law enforcement and national security, and more. One of the market leaders, China-based Daijiang Innovations (DJI), is often in the news for suspected cybersecurity and data privacy issues. While there are technical reports sponsored by DJI stating that their associated mobile application, DJI GO 4, is harmless and does not send any personal information b...
Mon 08/06/2020 - 09:39
In this blog post the goal is to explain how I started looking at the Lenovo password. We will start by looking at how the reverse engineering was started and the different kinds of passwords in the firmware, before having a more in-depth look at two of them: the Power-On Password and the BIOS Passwords. No vulnerability has been identified (yet) in the management of those passwords, but without further ado let's get started.
Wed 03/06/2020 - 12:48
Last week we published about the reintroduction of a kernel vulnerability in iOS 13. Here is the follow-up with the analysis of the fix.
Fri 29/05/2020 - 17:38
Last weekend a new version of the iOS jailbreak unc0ver was released with support for the latest iOS 13.5. Since iOS 8 in 2014, this is the first jailbreak using a 0-day vulnerability, a vulnerability still unknown to Apple at the time of the release, to break iPhone security measures. To keep this vulnerability secret, the jailbreak is heavily obfuscated and protected against dynamic inspection. However, since this vulnerability is not exactly new to us and since the cat is out of the bag, now seems a good tim...
Thu 14/05/2020 - 09:50
We wrote a new tool that automates the creation of efficient mutation rules for password crackers, such as John the Ripper or hashcat. This post describes the high-level ideas behind this tool, along with some history. If you just want to use it, check our GitHub repo!
Tue 12/05/2020 - 12:40
The Sharky CTF, organized by students of ENSIBS, was held this weekend. It offered a series of 7 forensic challenges based on the same machine memory dump. They make a great introduction to memory forensics on Linux, from the creation of a specific Volatility profile to the reverse engineering of a rootkit installed on the machine. Sit tight, here is the writeup!
Thu 07/05/2020 - 16:18
In this second article, we will focus on the vEdge components, which are basically routers (physical or virtual). A patch was recently published for a vulnerability we found: Cisco IOS XE SD-WAN Software Command Injection Vulnerability (CVE-2019-16011).
Mon 04/05/2020 - 17:31
A few months ago, Synacktiv teams performed a security assessment on the open source project Squid. This blog post describes a few vulnerabilities that were found during this audit.
Thu 23/04/2020 - 16:40
We wrote a new tool that automatically loots all sensitive information from misconfigured Symfony applications. This post describes the type of data it can loot and how. If you just want to use it, check our GitHub repo! So let's get started and see what we can grab from the web profiler.
Mon 20/04/2020 - 17:52
Azure Active Directory (Azure AD) is Microsoft’s cloud-based identity and access management service. Customers increasingly use it to connect their on-premises Active Directory with online services such as Office365, SharePoint, Teams, etc. The aim of this article is to briefly present Azure AD and to explore the different attack paths this new cloud environment offers to pentesters and red teamers.