mar 19/03/2019 - 15:33A strange behavior was observed by Synacktiv experts during the security assessment of a stateful firewall implementation... After few coffees & RFCs it was understood that it could be a generic issue that might affect multiple IP stacks. So... What is a strange firewall behavior ? This article presents an implicit behavior of Linux nftables and OpenBSD PacketFilter? regarding the filtering of ICMP and ICMPv6 packets we considered as a security issue. It allows an attacker to bypass filtering rules in some cases an...
mar 15/01/2019 - 14:48Opportunistic and quick review of rutorrent’s overall security.
jeu 20/12/2018 - 16:23This blogpost aims at describing a method to turn a vulnerable HP iLO 4 instance into a DMA-capable device with the associated connector for PCILeech, the reference tool for memory acquisition and manipulation through DMA accesses.
mar 18/12/2018 - 16:17In this article, a bypass of the SMM_CODE_CHK_EN, the equivalent of the SMEP protection for the System Management Mode (SMM), protection is explained. This article first explain the protection and the bug class it impacts, then the idea of the bypass is detailed and a leak is explained for being able to make it work.
ven 14/12/2018 - 15:47Binder is the main IPC/RPC (Inter-Process Communication) system in Android. It allows applications to communicate with each other and it is the base of several important mechanisms in the Android environment. For instance, Android services are built on top of Binder. Message exchanged with Binder are called binder transactions, they can transport simple data such as integers but also process more complex structures like file descriptors, memory buffers or weak/strong references on objects.
lun 10/12/2018 - 16:09This blog post is dedicated to the Trustonic's TEE implementation and more particularly to the integration made by Samsung for its Exynos chipsets. Samsung recently patched a trivial vulnerability in a Trusted Application. After a brief explanation of TrustZone/Kinibi, this article details the exploitation of this vulnerability.
sam 01/12/2018 - 14:12As a team of security researchers, we like poking at software and tinkering with common household objects for fun. So, one of our researchers bought an electronic paper reader tablet, and instead of reading ebooks on the train, started having fun with it!
ven 16/11/2018 - 09:56Detailed write-up of Grehack 2018 qualification challenge.
lun 29/10/2018 - 15:35iOS 12 was released a few weeks ago and fixed a kernel vulnerability we discovered that can be used to escape the sandbox. This blogpost gives the technical write-up of the vulnerability.
mar 09/10/2018 - 13:12A recent pentest involving ColdFusion led us to discover the fabulous and infamous encryption algorithm CFMX_COMPAT.