mar 01/12/2020 - 10:09Back in the beginning of November, Project Zero announced that Apple has patched a full chain of vulnerabilities that were actively exploited in the wild. This chain consists in 3 vulnerabilities: a userland RCE in FontParser as well as a memory leak and a type confusion in the kernel. In this blogpost, we will describe how we identified and exploited the kernel memory leak.
jeu 26/11/2020 - 16:19You probably already have encountered a fanatical WAF during an engagement that turned you crazy preventing your almighty SQL injection from being exploited properly. This will never happen again thanks to a novel advanced technique based on artificial intelligence and block chain analysis. Read this article to know how. Disclaimer: this is click-bait.
mer 25/11/2020 - 12:43In this blogpost, we will find what happens when two security researchers find a random printer and then manage to find vulnerabilities in it.
jeu 05/11/2020 - 09:16In order to better protect its users, NBS System has asked Synacktiv to perform a source code review of Naxsi, a famous open source Web Application Firewall (WAF). During this audit, Synacktiv discovered several vulnerabilities that could allow bypassing the application of the filtering rules. This short blog post will present the most critical vulnerabilities and how they were fixed by NBS System. The fixes have been published on version 1.1a quickly after they were reported: https://github.com/nbs-system/naxsi/releas...
jeu 03/09/2020 - 13:44As you may already know, we collaborated with Zero Day Initiative to disclose a vulnerability in Ubuntu's ppp package. This vulnerability has been assigned the identifiers ZDI-CAN-11504 / CVE-2020-15704.
mer 26/08/2020 - 09:12Have you ever compromised a Cisco ISE with CVE-2017-5638? But what could you do next? This is a good network access but it can actually give you more. After a little digging, we found that guests passwords were stored in plaintext or encrypted (configuration dependent). This article explains how to extract the encrypted passwords, the encryption key and why it matters.
mar 04/08/2020 - 12:35On 23/07/2020, we published a study of the DJI GO4 application. This application, allowing to control a drone, is dedicated to the consumer grade aircraft segment. We also studied DJI Pilot, the application dedicated to professionals and companies, in order to assess its security and look at the difference between the two apps. We found similar issues to those listed in our previous blogpost in this application, such as a forced update mechanism.
mar 28/07/2020 - 14:36ZDI announced last year a new entry in it's yearly contest "Pwn2Own". After the Vancouver edition focused on Desktop software and Tokyo specialized in smartphones, there is now a third location in Miami dedicated to industrial software also known as ICS or SCADA.
jeu 23/07/2020 - 16:41Drones are currently one of the most dynamic products, with multiple use cases across sectors such as personal and commercial videography, farming and land surveying, law enforcement and national security, and more. One of the market leaders, China-based Daijiang Innovations (DJI), is often in the news for suspected cybersecurity and data privacy issues. While there are technical reports sponsored by DJI stating that their associated mobile application, DJI GO 4, is harmless and does not send any personal information b...
lun 08/06/2020 - 09:39In this blog post the goal is to explain how I started looking at the Lenovo password. We will start by looking at how the reverse was started and the different kinds of passwords in the firmware, before having a more in depth look at two of them: the Power-On Password and the Bios Passwords. No vulnerability has been identified (yet) in the management of those passwords, but without further ado let get started.