Ressources

2023

Avis de sécurité | Privilege escalation vulnerability in FortiManager version 6.4.5 , CVE-2022-26118 - Clément Amic , Pierre Milioni , Adrien Peter

Avis de sécurité | Mutliple vulnerabilities in ManageEngine ADSelfService Plus , Security advisory for ManageEngine ADSelfService Plus. - Antoine Cervoise , Wilfried Bécard

Avis de sécurité | Sudoedit bypass in Sudo <= 1.9.12p1 , CVE-2023-22809 - Matthieu Barjole , Victor Cutillas

2022

Avis de sécurité | Multiple Stored Cross-Site Scripting vulnerabilities in Sage Enterprise Intelligence , CVE-2022-34322 - Mickaël Benassouli , Antoine Gicquel

Avis de sécurité | Multiple Cross-Site Scripting vulnerabilities in Sage XRT Business Exchange , CVE-2022-34323 - Mickaël Benassouli , Antoine Gicquel

Avis de sécurité | Multiple authenticated blind SQL Injections in Sage XRT Business Exchange application , CVE-2022-34324 - Mickaël Benassouli , Antoine Gicquel

Avis de sécurité | Raft Remote Code Execution , Raft Survival game Remote Code Execution - Thomas Bouzerar

Avis de sécurité | integer overflow in VLC < 3.0.18 , CVE-2022-41325 - Kevin Denis

Avis de sécurité | Unrestricted file upload in Rocket TRUfusion Enterprise <= 7.9.6.0 , CVE-2022-36431 - Mehdi Elyassa , Kevin Tellier

Avis de sécurité | Cross-Site Scripting vulnerabilities in CodeIgniter ≤ 3.1.13 , Security advisory for CodeIgniter - Antoine Cervoise , Maxime Rinaudo

Avis de sécurité | Multiple vulnerabilities in H2O ≤ 3.32.1.3 , Security advisory for H2O - Clément Amic , Lena David

Conférence | A journey to pwn and own the Sonos One Speaker , Blackalps 2022 - David Berard

Conférence | The printer goes brrrrr , BlackAlps 2022 - Mehdi Talbi , Rémi Jullian , Thomas Jeunet

Conférence | Attacking Safari in 2022 , Hexacon 2022 - Quentin Meffre

Avis de sécurité | Weak private key generation in SSH.NET <= 2020.0.1 , CVE-2022-29245 - Guillaume André

Conférence | I feel a draft. Opening the doors and windows: 0-click RCE on the Tesla Model3 , Hexacon 2022 - David Berard , Vincent Dehors

Conférence | Croissantez vos collègues avec adb , BeeRump 2022 - Clément Berthaux

Conférence | Faire bonne impression à pwn2own: RCE sur imprimantes HP et Lexmark , Barbhack 2022 - David Berard , Vincent Fargues , Thomas Imbert

Conférence | Dissecting NTLM EPA & building a MitM proxy ( video ) , PassTheSalt 2022 - Pierre Milioni

Conférence | Finding Java deserialization gadgets with CodeQL ( video ) , PassTheSalt 2022 - Hugo Vincent

Conférence | MobSF for penetration testers ( video ) , PassTheSalt 2022 - Antoine Cervoise , Mickaël Benassouli

Conférence | Pwning a Netgear router from WAN - MitM style , LeHack 2022 - Kevin Denis , Antide Petit

Conférence | An Apple a day keeps the exploiter away ( vidéo , article ) , SSTIC 2022 - Eloi Benoist-Vanderbeken , Fabien Perigaud

Conférence | Ica2Tcp : Un proxy SOCKS pour Citrix ( vidéo , article ) , SSTIC 2022 - Hugo Clout

Conférence | Suprême TTD - That's my PPL ( vidéo ) , SSTIC 2022 - Lucas Georges

Conférence | Surface d’attaque des solutions Active Directory Self-Service ( vidéo ) , SSTIC 2022 - Antoine Cervoise , Wilfried Bécard

Conférence | Fouillons les poubelles ! , ESE 2022 - Antoine Cervoise

Conférence | Rooting Samsung Q60T Smart TV , STHACK2022 - Vincent Fargues , Jérémie Boutoille

Conférence | Real hackers don't leave dtrace ( video ) , Sthack 2022 - Eloi Benoist-Vanderbeken

Conférence | The printer goes brrrrr , CanSecWest 2022 - Mehdi Talbi , Thomas Jeunet , Rémi Jullian

Conférence | Pwn2Owning the TPLINK Archer A7 , THCON2022 - Kevin Denis

Conférence | Android Encryption , THCON 2022 - Jean-Baptiste Cayrou

Avis de sécurité | FortiManager 6.4.5 - Multiple Vulnerabilities , CVE-2021-32587, CVE-2021-32597, CVE-2021-32598, CVE-2021-32603 - Adrien Peter , Clément Amic , Pierre Milioni

Avis de sécurité | Unsafe Object Deserialization in Html2Pdf <= 5.2.3 ( Html2Pdf library ) , CVE-2021-45394 - Clément Amic , Antoine Gicquel

2021

Conférence | Synacktalk #3 (video) ( download ) , Webinar - feedbacks on pwn2own - Elodie Grisé , Benoît Lamiré , David Berard , Etienne Helluy-Lafont , Rémi Jullian

Conférence | AEGE Presentation , AEGE 2021 - Arnaud Pilon

Conférence | Cannibal Hacking , Hack In Paris 2021 - Kevin Denis

Conférence | Rooting Samsung Q60T Smart TV , GreHack 2021 - Vincent Fargues , Jérémie Boutoille

Avis de sécurité | Cisco Nexus 9000 ACI mode 14.2(7f) - Multiple Vulnerabilities , CVE-2021-1583, CVE-2021-1584 - Clément Amic , Pierre Milioni , Adrien Peter

Avis de sécurité | Cisco APIC 4.2(7f) - Multiple Cross-Site Scripting , CVE-2021-1582 - Clément Amic , Pierre Milioni , Guillaume Jacques , Adrien Peter

Avis de sécurité | Cisco SD WAN IOS XE routers command injection #2 , CVE-2021-1529 - Julien Legras

Avis de sécurité | Authentication bypass in Jeedom , CVE-2021-42557 - Maxime Rinaudo , Antoine Cervoise

Conférence | Jailbreak detection mechanisms and how to bypass them , Sthack 2021 - Eloi Benoist-Vanderbeken

Conférence | Discovering and exploiting a kernel pool overflow on modern Windows 10 , Sthack 2021 - Fabien Perigaud

Avis de sécurité | Multiple vulnerabilities in Nagios XI < 5.8.6 , Security advisory for Nagios XI - Guillaume André

Avis de sécurité | Cross-Site Scripting in Cookiebot WordPress plugin , Security advisory for Cookiebot WordPress plugin - Antoine Cervoise

Conférence | Pwn2Own'ing the TP-Link Archer A7 , Barbhack 2021 - Kevin Denis , Thomas Chauchefoin

Conférence | HPE iLO 5 security: Go home cryptoprocessor, you’re drunk! ( video ) , BlackHat USA 2021 - Fabien Perigaud

Avis de sécurité | Multiple vulnerabilities in Centreon < 20.04.13, 20.10.7 & 21.04.2 , Security advisory for Centreon - Guillaume André , Théo Louis-Tisserand

Avis de sécurité | Reflected XSS in Enfold < 4.8.2 , Security advisory - Julien Legras , Guillaume André

Conférence | AppFailLauncher , Bière Sécu Toulouse - Thomas Imbert

Conférence | Slides - Jailbreak detection mechanisms and how to bypass them ( video ) , Pass The Salt 2021 - Eloi Benoist-Vanderbeken

Revue | Comment les spécialistes de l’intrusion percent les coffres-forts numériques , Article de journal - The Team

Avis de sécurité | WordPress AryoActivityLog vulnerability , Avis de sécurité - Jérôme Mampianinazakason

Conférence | Zombies ate my printer’s ink , THCON 2021 - Rémi Jullian

Avis de sécurité | Local privilege escalation in Cisco SD-WAN < 20.4 and 20.5 , CVE-2021-1528 - Julien Legras

Avis de sécurité | Cisco SD-WAN Multiple vulnerabilities in vManage < 20.5.1 , CVE-2021-1481, CVE-2021-1482, CVE-2021-1483, CVE-2021-1484 - Julien Legras , Théo Louis-Tisserand

Conférence | Synacktalk #2 (slides) ( video ) , Webinar - Elodie Grisé , Benoît Lamiré , Tiphaine Romand-Latapie

Conférence | The security of SD-WAN: the Cisco case ( video , whitepaper ) , SSTIC 2021 - Julien Legras

Conférence | HPE iLO 5 security: Go home cryptoprocessor, you’re drunk! ( video , whitepaper ) , SSTIC 2021 - Fabien Perigaud

Conférence | Vous avez obtenu un trophée : PS4 jailbreaké ( video , whitepaper ) , SSTIC 2021 - Mehdi Talbi , Quentin Meffre

Conférence | Manger mes dossiers par la racine ( video ) , Hack-it-n - Lucas Georges

Outils | HopLa , Autocompletion support and useful payloads in Burp Suite - Alexis Danizan

Conférence | Synacktalk #1 (slides) ( video ) , Webinar - Aymeric Palhière , Renaud Feil , Renaud Dubourguais

Avis de sécurité | WordPress AjaxSearchPro vulnerability , Avis de sécurité pour un plugin WordPress - Julien Egloff , Jérôme Mampianinazakason

Avis de sécurité | Use After Free in CyberArk Digital Vault , Security advisory - Julien Boutet

Avis de sécurité | GLPI FusionInventory 9.5.0 injection SQL , Avis de sécurité - Alexis Danizan , Hugo Vincent

Outils | .NIET , IDA Pro plugin for .NET Native symbols resolution - Jean-Christophe Delaunay

Conférence | Pourquoi la cybersécurité a radicalement changé ? , Seald - Renaud Dubourguais

Conférence | Panorama des postes et compétences attendus , Cyber & Bretagne - Renaud Feil

Avis de sécurité | Evolution CMS unauthenticated SQLI and user enumeration , Security advisory - Thomas Etrillard , Nicolas Biscos

Avis de sécurité | YouPHPTube/AVideo multiple vulnerabilities , Security advisory for YouPHPTube/AVideo - Maxime Rinaudo

Avis de sécurité | Code Injection in the J-Web component of Junos OS , Security advisory for the J-Web component of Juniper's Junos OS - Lena David , Geoffrey Bertoli

Conférence | Product security - From the dark side to the light , Live Embedded Event - Tiphaine Romand-Latapie

2020

Conférence | No lightsaber is needed to break the Wookey , Live Embedded Event - David Berard

Conférence | This is for the pwners - exploiting a webkit 0-day in Playstation 4 ( video ) , BlackHat Europe 2020 - Quentin Meffre , Mehdi Talbi

Conférence | Tout faire à l’envers , If This Then Dev - Tiphaine Romand-Latapie

Conférence | No lightsaber is needed to break the Wookey ( video ) , Grehack 2020 - David Berard

Conférence | Say hello to my little shell ! ( video ) , Unlock your brain, Harden your system 2020 - Lucas Georges

Avis de sécurité | Centile Istra - SQL injection , Centile Istra - SQL injection - Thibault Guittet , Julien Clergue

Conférence | Interview Renaud Feil , NoLimitSecu - Renaud Feil

Conférence | Comment promouvoir la place des femmes dans le milieu de la cybersécurité ? , BFMTV - Tiphaine Romand-Latapie

Conférence | SpeedPwning VMware Workstation , Ekoparty 2020 - Bruno Pujos , Corentin Bayet

Conférence | IOMMU and DMA attacks , NorthSec 2020 - Jean-Christophe Delaunay

Avis de sécurité | SQL injection in LearnPress <= 3.2.7.2 , Security advisory for LearnPress WordPress plugin. - Wilfried Bécard

Conférence | Speedpwning VMware Workstation ( video ) , Ekoparty 2020 - Corentin Bayet , Bruno Pujos

Avis de sécurité | Local Privilege Escalation in Fortinet SSL VPN for Linux , Security advisory for Fortinet SSL VPN for Linux - Thomas Chauchefoin

Avis de sécurité | Insecure password reset in Sulu < 1.6.35, 2.0.10 & 2.1.1 , Security advisory for Sulu framework - Julien Legras

Conférence | [SECHebdo] 28 juillet 2020 , Le Comptoir Sécu - Tiphaine Romand-Latapie

Revue | Popular Chinese-Made Drone Is Found to Have Security Weakness , The New York Times - The Team

Conférence | The art of cyber crime, Windows Pools and Windows ARM64 exploitation (from 1:20:55) , OPCDE - Corentin Bayet , Paul Fariello

Conférence | Scoop the Windows 10 Pool! ( video , whitepaper ) , SSTIC 2020 - Corentin Bayet , Paul Fariello

Conférence | How to design a baseband debugger ( video , whitepaper ) , SSTIC 2020 - David Berard , Vincent Fargues

Conférence | RDP security: intercepting NLA authentication using CredSSPy ( video , whitepaper ) , SSTIC 2020 - Geoffrey Bertoli

Conférence | NorthSec 2020 , IOMMU and DMA attacks - Jean-Christophe Delaunay

Avis de sécurité | Cisco SD WAN IOS XE routers command injection , CVE-2019-16011 - Thomas Etrillard , Julien Legras

Avis de sécurité | Android Monospace - Writing and Notes 2.6.3 , Broken Encryption Feature - Lena David

Avis de sécurité | Cisco Viptela vManage neo4j injection and stored XSS , CVE-2019-16010 and CVE-2019-16012 - Thomas Etrillard , Julien Legras

Conférence | Binder and its vulnerabilities , THCON 2020 - Jean-Baptiste Cayrou

Revue | Classification of browser vulnerabilities , MISC Magazine 108 - Quentin Meffre

Revue | In-depth security measures of Safari in iOS , MISC Magazine 108 - Fabien Perigaud

Revue | Source code assessment during Red Teams? , MISC Magazine 108 - Julien Szlamowicz

Conférence | Using static and dynamic binary analysis with ret-sync , Bière Sécu Bordeaux - Jean-Christophe Delaunay

Conférence | Modern PHP security , Sec4Dev 2020 - Thomas Chauchefoin , Lena David

Conférence | With Machoc and victorious weapons, using CFG hashing for the lazy reverser , Bière Sécu Lyon - Tristan Pourcelot

Conférence | Exploitation of the FreeBSD kernel vulnerability CVE-2019-5602 , Bière Sécu Lyon - Mehdi Talbi

Conférence | Pwn2Own Miami Day 3 Final Results (from 2:56) , Pwn2Own Miami - Lucas Georges

Autre | 3 Windows kernel exploitation challenges on Root-Me , Root-Me Windows kernel challenges - Rémi Jullian

Avis de sécurité | MaarchCourrier 19.04, 18.10, 18.04, 17.06 OS Command injection , MaarchCourrier Security Advisory - Tawfik Bakache , Thomas Etrillard

2019

Conférence | Reversing the firmware of an e-cigarette , Bière Sécu Toulouse - Samuel Chevet

Conférence | IOMMU and DMA attacks ( whitepaper ) , C&ESAR conference - , Jean-Christophe Delaunay

Conférence | Through the SMM-Glass , Bière Sécu Toulouse - Bruno Pujos

Revue | A look inside Raspberry Pi hardware decoders licenses , Paged Out! #2 - Fabien Perigaud

Revue | Privilege escalation on macOs with CVE-2018-4193 , MISC Magazine 106 - Eloi Benoist-Vanderbeken

Outils | IDA Plugin: VMX Intrinsics , IDA plugin - Samuel Chevet

Conférence | V2G Injector - Whispering to cars and charging units through the Power-Line (extended version) , t2.fi infosec - Sébastien Dudek

Conférence | Time-travel Debugging , Rump'in Rennes 2019 - Samuel Chevet

Conférence | SF30th Hacking Edition : A journey into Moo , R2CON 2019 - Nicolas Correia

Conférence | Kerberos Unconstrained Delegation , Bière Sécu Toulouse - Nicolas Biscos

Conférence | The return of FAIFA and HomePlugPWN: Make Power-Line Communication hacks great again! , leHack 2019 - Sébastien Dudek

Avis de sécurité | Arbitrary File Disclosure in Ad Inserter (< 2.4.9) , Security advisory - Wilfried Bécard

Avis de sécurité | Unsafe password reset in GLPI <= 9.4.0 , CVE-2019-13240 - Julien Legras

Avis de sécurité | Stored XSS in GLPI <= 9.4.2 , CVE-2019-13239 - Julien Legras

Conférence | Time-efficient assessment of open-source projects for Red Teamers , Pass the SALT 2019 - Thomas Chauchefoin , Julien Szlamowicz

Conférence | DLL shell game and other misdirections ( video , whitepaper ) , SSTIC 2019 - Lucas Georges

Conférence | SSTIC 2019 challenge conception , SSTIC 2019 - David Berard , Vincent Fargues

Conférence | Wild pentesting - When a reverser does pentest... ( video ) , SSTIC 2019 - Fabien Perigaud

Conférence | V2G Injector - Whispering to cars and charging units through the Power-Line ( video , whitepaper ) , SSTIC 2019 - Sébastien Dudek

Conférence | WEN ETA JB? A 2 million dollars problem ( video , whitepaper ) , SSTIC 2019 - Eloi Benoist-Vanderbeken , Fabien Perigaud

Autre | SSRF, reflected XSS and cryptographic signature bypass in w3-total-cache , Patch - Thomas Chauchefoin

Conférence | Exploring the Limitations of 802.1x and Beyond , Infosecurity Europe - Florian Guilbert

Outils | V2G Injector , Software to monitor and test Vehicle-to-Grid (V2G) systems like vehicles' ECU and charging station - Sébastien Dudek

Avis de sécurité | Pre-authenticated SQL injection in GLPI <= 9.3.3 (CVE-2019-10232) , Security advisory - Thomas Chauchefoin

Avis de sécurité | GLPI 9.4.0 Type juggling authentication bypass (CVE-2019-10231) , Security advisory - Damien Picard , Julien Szlamowicz

Avis de sécurité | GLPI 9.4.0 Timing attack user enumeration (CVE-2019-10233) , Security advisory - Damien Picard , Julien Szlamowicz

Avis de sécurité | GLPI 9.4.0 FusionInventory plugin RCE (CVE-2019-10477) , Security advisory - Damien Picard , Julien Szlamowicz

Conférence | Modmobtools and tricks to assess devices using the mobile network (GPRS, UMTS and LTE) , Troopers NGI 2019, Research and Tinkering - Sébastien Dudek

Avis de sécurité | Unsafe deserialization in Sitecore CMS leading to RCE (CVE-2019-9874 and CVE-2019-9875) , Security advisory - Julien Legras , Adrien Peter

Avis de sécurité | Local file disclosure in mysqljs package 2.17.1 , Security advisory - Julien Legras

Conférence | Android software KeyStore decryption (French) , Inter-CESTI - Thomas Etrillard , Julien Legras

Conférence | Riding the lightning: iLO 4&5 BMC security wrap-up , 1ns0mn1h4ck 2019 - Fabien Perigaud

Outils | Metasploit module for CVE-2019-8942 , WordPress Arbitrary Code Execution - Wilfried Bécard

Conférence | Modmobtools internals, updates, and more on tools used to assess mobile devices , Troopers Telco Sec Day 2019 - Sébastien Dudek

Outils | Kerberos TGS Rep enctype 17 (AES128-CTS-HMAC-SHA1-96) and enctype 18 (AES256-CTS-HMAC-SHA1-96) implementation ( Twitter ) , Hashcat - Jean-Christophe Delaunay

Avis de sécurité | TIBCO JasperReports Server XML Entity Expansion Vulnerability (CVE-2019-8986) , Security advisory - Sébastien Dudek , Julien Szlamowicz

Avis de sécurité | Huawei ManageOne ServiceCenter ACL Bypass , Security advisory - Sébastien Dudek , Julien Legras

Avis de sécurité | IPv6 fragmentation vulnerability in OpenBSD Packet Filter (CVE-2019-5597) , Security advisory - Corentin Bayet , Nicolas Collignon , Luca Moro

Avis de sécurité | Command Execution in elFinder's < 2.1.48 PHP connector (CVE-2019-9194) , Security advisory - Thomas Chauchefoin

Avis de sécurité | Path traversal in BlueMind 4.0 < beta3 and 3.5.x < 3.5.11-7 (CVE-2019-9563) , Security advisory - Damien Picard , Julien Szlamowicz

Conférence | macOS: how to gain root with CVE-2018-4193 in < 10s ( exploit code ) , OffensiveCon 2019 - Eloi Benoist-Vanderbeken

Conférence | Bypassing SMM-EP , Lightning talks at LSE - Bruno Pujos

Revue | Attacking mobile devices from GPRS to LTE , MISC Magazine HS 19 - Sébastien Dudek

Avis de sécurité | Multiple vulnerabilities in Jenkins Job Import <= 2.1 ( vendor announcement ) , Security advisory - Thomas Chauchefoin , Julien Szlamowicz

Autre | Defeating NotPetya from your iLO4 , Defeating NotPetya from your iLO4 - Fabien Perigaud

Avis de sécurité | Livebox 3 - Weak password reset procedure , Security advisory - Gaetan Ferry , Julien Szlamowicz

2018

Conférence | Code Obfuscation 10**2+(2*a+3)%2, , JSecIN 2018 - Gaetan Ferry

Conférence | Turning your BMC into a revolving door , Zeronights 2018 - Fabien Perigaud

Conférence | PentHertz: The use of radio attacks during Red Team and pentests , Security PWNing 2018 - Sébastien Dudek

Avis de sécurité | Critical vulnerabilities in PineApp Mail Secure 5.1 , Security advisory - Thomas Chauchefoin , Gaetan Ferry

Avis de sécurité | Multiple vulnerabilities in Vectra Cognito: CVE-2018-14889, CVE-2018-14890 and CVE-2018-14891 , Security advisory - Julien Egloff , Thibault Guittet

Conférence | Heapple Pie: macOS and iOS default heap , Sthack 2018 - Eloi Benoist-Vanderbeken

Avis de sécurité | Cisco Nexus 9000 Series Fabric Switches ACI Mode Shell Escape (CVE-2019-1591) , Security advisory - Nicolas Biscos , Gaetan Ferry

Avis de sécurité | Arbitrary code execution in Duplicator Pro < 1.2.42 , Security advisory - Thomas Chauchefoin , Julien Legras

Avis de sécurité | SQL injection in Image Intense , Security advisory - Thomas Chauchefoin , Julien Legras

Outils | search_offsets_DMA.py , Script to extract the offsets needed to unlock Windows with a DMA attack - Jean-Christophe Delaunay

Outils | Modmobjam , Perfoms smart-jamming attacks on specific mobile cells - Sébastien Dudek

Avis de sécurité | Multiple buffer overflows in Visual TOM <= 5.7.4 , Security advisory - Julien Egloff , Florian Guilbert

Avis de sécurité | SQL injection in FlySpray <= v1.0-rc6 , Security advisory - Thomas Chauchefoin , Bastien Faure

Conférence | Modmobjam, smart jamming with Software-Defined Radio , RUMPS SSTIC 2018 - Sébastien Dudek

Conférence | Backdooring your server through its BMC: the HPE iLO4 case , SSTIC 2018 - Fabien Perigaud

Outils | Modmobmap , Collects 2G/3G and 4G mobile cells information - Sébastien Dudek

Conférence | Organisation of the SSTIC security challenge , SSTIC 2018 - Lucas Arrivé , Clément Berthaux

Conférence | Modmobmap, the modest mobile networks mapping tool , BeeRumP 2018 - Sébastien Dudek

Conférence | iOS/macOS 0-day^w48-hours , BeeRumP 2018 - Eloi Benoist-Vanderbeken

Avis de sécurité | Cross-Site Scripting in Zend Server < 9.1.3 ( CVE-2018-10230 ) , Security advisory - Thomas Chauchefoin , Julien Egloff

Conférence | Introduction to CTF competitions ( video ) , 42Born2Code - Lucas Arrivé , Corentin Bayet

Outils | Publication of AJPy in Debian repositories , AJPy - Julien Legras

Avis de sécurité | Missing XML Validation vulnerability in SAP Control Center and SAP Cockpit Framework , SAP Patch - Thomas Chauchefoin , Sébastien Dudek

Avis de sécurité | CVE-2018-9325 ( CVE-2018-9326 , CVE-2018-9327 , CVE-2018-9845 ) , Multiple arbitrary code execution and information leaks in the project Etherpad - Thomas Chauchefoin

Revue | Red Team: think like an attacker! , Global Security Mag (page 18) - Renaud Feil

Revue | Exploitation of a vulnerability in Linux's implementation of the waitid syscall (CVE-2017-5123) , MISC Magazine 96 - Thomas Chauchefoin , Julien Egloff

Conférence | Subverting your server through its BMC: the HPE iLO4 case , Recon Brussels 2018 - Fabien Perigaud

Avis de sécurité | Multiple vulnerabilities in WordPress Health Check & Troubleshooting , Security advisory - Julien Legras

2017

Conférence | TSIGKILL: Bypassing dynamic DNS updates authentication through signature forgery , GreHack 2017 - Clément Berthaux

Conférence | Cracking password hashes with Kraqozorus , OSSIR 2017 - Renaud Feil

Revue | Radio communication penetration testing , MISC Magazine HS 16 - Sébastien Dudek

Revue | Vault 7: analysis of Marble, the CIA code obfuscation framework , MISC Magazine 93 - Thomas Chauchefoin

Revue | Exploiting Django template injections , MISC Magazine 93 - Clément Berthaux

Outils | Juniper decrypt , Script to decrypt Juniper screenOS encrypted passwords and keys - Fabien Perigaud

Avis de sécurité | TSIG authentication bypass through signature forgery in ISC BIND (CVE-2017-3143) , Security advisory - Clément Berthaux

Avis de sécurité | TSIG authentication bypass for zone transfer operations in ISC BIND (CVE-2017-3142) , Security advisory - Clément Berthaux

Revue | Frida: the swiss-knife of multi-platform dynamic analysis , MISC Magazine 92 - Eloi Benoist-Vanderbeken

Outils , Avis de sécurité | CVE-2017-6008 exploit , Multiple vulnerabilities in the security solution HitmanPro of Sophos: CVE-2017-6007, CVE-2017-6008 and CVE-2017-7441 - Corentin Bayet

Conférence | Windows 10 Pool Party, exploitation of a Kernel Pool buffer overflow on the last version of Windows 10 ( details ) , Nuit du Hack 2017 - Corentin Bayet

Avis de sécurité | TSIG authentication bypass through signature forgery in Knot DNS , Security advisory - Clément Berthaux

Conférence | Study of an unknown CPU , BeeRumP 2017 - Fabien Perigaud

Outils | Hashcat , Support for cracking DPAPI masterkey files from Windows XP to Windows 10 - Jean-Christophe Delaunay

Conférence | Psychological profiling and LinkedIn passwords , SSTIC 2017 - Jean-Christophe Delaunay

Conférence | Out-of-control cars! , SSTIC 2017 - Sébastien Dudek

Conférence | BeeRumP announcement , SSTIC 2017 - Eloi Benoist-Vanderbeken

Conférence | IDASuckLess ( Website ) , SSTIC 2017 - Eloi Benoist-Vanderbeken

Conférence | IoT Hacking - the case of Intercoms (with little updates since 33C3) , OSSIR afterwork - Sébastien Dudek

Conférence | Tools and techniques to remotely compromise and spy workstations , Ecole de Guerre Economique - Renaud Feil

Conférence | Turning a GPS-based dating application into a tracking system , ESIEA Secure Edition 2017 - Julien Legras , Julien Szlamowicz

Outils | eBPF IDA , an IDA processor for eBPF bytecode - Clément Berthaux

Conférence | DPAPI exploitation during a pentest and password cracking , Univershell 2017 - Jean-Christophe Delaunay

Outils | John The Ripper , Support for cracking DPAPI masterkey files from Windows XP to Windows 10 - Jean-Christophe Delaunay

Autre | Write-up of the SSTIC 2017 challenge , SSTIC 2017 - Clément Berthaux

Conférence | How to develop an unpacker: the StarForce case , Sthack 2017 - Eloi Benoist-Vanderbeken

Conférence | DPAPI exploitation during a pentest , Sthack 2017 - Jean-Christophe Delaunay

Conférence | Offline extraction of DPAPI-protected secrets , JSSI OSSIR 2017 - Jean-Christophe Delaunay

Conférence | WordPress security: hunting security bugs in a supermarket , Security Day 2017 - Thomas Chauchefoin

Conférence , Outils | Presentation of our pentesting toolkit ( Disconet , Houdini , Kraqozorus , Oursin ) , FIC 2017 - Nicolas Collignon , Renaud Feil

2016

Conférence | Intercoms Hackings, when frontdoors become backdoors - more detailed ( video ) , 33C3 Hamburg - Sébastien Dudek

Outils | Hashcat , Kerberos TGS Rep enctype 23, AxCrypt, AxCrypt in-memory secrets and Keepass version 1 and version 2 with or without "keyfile" implementations - Jean-Christophe Delaunay

Conférence | Challenge resolution and solution presentation , Grehack 2016 - Fabien Perigaud

Conférence | House intercoms attacks, when frontdoors become backdoors - including progress on 3G intercoms ( video ) , Hack.lu 2016 - Sébastien Dudek

Avis de sécurité | CVE-2016-1470 ( CVE-2016-1471 , CVE-2016-1472 , CVE-2016-1473 ) , Multiple vulnerabilities in Cisco Switch SG220 - Nicolas Collignon , Renaud Dubourguais

Revue | Bypassing AppLocker using Powershell , MISC Magazine 87 - Damien Picard

Conférence | House intercoms attacks, when frontdoors become backdoors ( paper , video jamming , video spamming ) , Nuit du Hack 2016 - Sébastien Dudek

Conférence | Turning a GPS-based dating application into a tracking system , Nuit du Hack 2016 - Julien Legras , Julien Szlamowicz

Outils | AJPy , AJP python library - Julien Legras

Conférence | Kerberom , BeeRumP 2016 - Jean-Christophe Delaunay

Conférence | Cache attack, ECC, FRP256v1, backdoor, NIST, end of the world , BeeRumP 2016 - Eloi Benoist-Vanderbeken

Conférence | Switching to insecurity , BeeRumP 2016 - Nicolas Collignon

Conférence | UDP Just Opened , BeeRumP 2016 - Renaud Dubourguais

Conférence | Hacking your printer , BeeRumP 2016 - Jean-Christophe Delaunay

Conférence | Frida: How does it work? How to use it? ( video - french ) , OSSIR 2016 - Eloi Benoist-Vanderbeken

Conférence | Mobile communications: practical attacks using cheap equipment , Business France 2016 - Sébastien Dudek

Conférence | AJPy: AJP python library , SSTIC 2016 - Julien Legras

Conférence | Near-Field Beer , SSTIC 2016 - Fabien Perigaud

Conférence | Challenge resolution and solution presentation , SSTIC 2016 - Fabien Perigaud

Outils | AxSuite , retrieve in-memory secrets saved by AxCrypt - Jean-Christophe Delaunay

Outils | Kerberom , retrieve ARC4-HMAC'ed encrypted Tickets Granting Service (TGS) of accounts having a Service Principal Name (SPN) within an Active Directory - Jean-Christophe Delaunay

Outils | Cisco ACS Repo Decrypt , decrypt Cisco ACS repository passwords - Nicolas Collignon

Outils | des26 SAP ITS Decrypt , decrypt des26 SAP ITS (Internet Transaction Server) passwords - Eloi Benoist-Vanderbeken

Outils | VanDyke SecureCRT Decrypt , decrypt SSH passwords stored in VanDyke SecureCRT session files - Eloi Benoist-Vanderbeken

Conférence | Podcast about Red Team penetration testing , NoLimitSecu 2016 - Renaud Feil

Revue | Attacking a Windows network with Responder , MISC Magazine 85 - Gaetan Ferry

Conférence | Just you, PowerShell and the target? Challenge accepted ( demo ) , Sthack 2016 - Damien Picard

Conférence | Tools and techniques to compromise workstations , GS Days 2016 - Clément Berthaux , Renaud Feil

Conférence | Offensive use of PowerShell ( demo ) , GS Days 2016 - Damien Picard

Outils | John The Ripper ( extractor ) , Keepass key-files support and extractor - Jean-Christophe Delaunay

Avis de sécurité | Multiple vulnerabilities in Citrix Provisioning Services (CVE-2016-9676, CVE-2016-9677, CVE-2016-9678, CVE-2016-9679, CVE-2016-9680) , Security advisories - Fabien Perigaud

Avis de sécurité | Sensitive information disclosure in the RESTX framework , Security advisory - Julien Legras

Conférence | Feedback after 10 years of security audits , JSSI OSSIR 2016 - Renaud Feil

Autre | Authenticated Remote Code Execution in Sentry , Security vulnerability - Clément Berthaux

Avis de sécurité | Multiple vulnerabilities in Oracle ECB and COM products (CVE-2016-3513, CVE-2016-3514, CVE-2016-3515 and CVE-2016-3516) ( #1 , #2 , #3 , #4 ) , Security advisories - Nicolas Collignon , Sébastien Dudek

Outils | John The Ripper ( extractor ) , AxCrypt support and extractor - Jean-Christophe Delaunay

2015

Avis de sécurité | CVE-2015-6409: Cisco Jabber STARTTLS Downgrade Vulnerability , Security advisory - Renaud Dubourguais , Sébastien Dudek

Avis de sécurité | Security Researcher Acknowledgments for Microsoft Online Services , Security advisory - Jan Kopec

Revue | Packers and anti-virus , MISC Magazine HS 12 - Eloi Benoist-Vanderbeken

Revue | Red Team penetration tests: evolution and challenge , MISC Magazine HS 12 - Renaud Feil

Revue | Techniques and tools to compromise desktops , MISC Magazine HS 12 - Clément Berthaux

Revue | Physical and logical penetration testing , MISC Magazine 80 - Renaud Feil

Revue | Discovery and reliable exploitation of an XXE vulnerability in the Drupal Services module , MISC Magazine 80 - Renaud Dubourguais

Conférence | The Internet of Things is bad , SSTIC 2015 - Eloi Benoist-Vanderbeken

Conférence | HQL to SQL evasion ( video ) , SSTIC 2015 - Renaud Dubourguais

Conférence | Vulnerability research in embedded systems , ESIEA Secure Edition 2015 - Eloi Benoist-Vanderbeken

Revue | PlugX: analysis of a RAT , MISC Magazine 79 - Fabien Perigaud

Avis de sécurité | Pre-authentication XXE vulnerability in the Services Drupal module , Security advisory - Renaud Dubourguais

Revue | Crack user data on the Blackphone , 01net - Sébastien Dudek

Revue | Using reverse engineering skills during a penetration test: practical cases , MISC Magazine 78 - Eloi Benoist-Vanderbeken

Revue | Using a password cracking tool: John the Ripper , GNU/Linux Magazine HS 76 - Julien Legras

2014

Conférence | G-Jacking AppEngine-based applications , NoSuchCon 2014 - Nicolas Collignon

Conférence | Advanced password breaking (FR) , JSSI Rouen 2014 - Julien Legras

Conférence | HomePlugAV PLC: Practical attacks and backdooring , NoSuchCon 2014 - Sébastien Dudek

Conférence | NoSuchCon 2014 challenge , NoSuchCon 2014 - Eloi Benoist-Vanderbeken , Nicolas Collignon

Conférence | Bypassing IDS/IPS with the TCP Fast Open option ( PoC ) , SSTIC 2014 - Nicolas Collignon , Renaud Dubourguais

Conférence | Android 0dayz hunting, again , SSTIC 2014 - Fabien Perigaud

Conférence | G-Jacking AppEngine-based Applications , HITB Amsterdam 2014 - Nicolas Collignon , Samir Megueddem

Autre | Writeup for dosfun4u , DEFCON CTF quals 2014 - Eloi Benoist-Vanderbeken

Avis de sécurité | Reverse engineering of the Sercomm feature to reactivate the TCP/32764 backdoor on several routers ( PoC ) , Security vulnerability - Eloi Benoist-Vanderbeken

Outils | Ethercomm , PoC to reactivate the TCP/32764 backdoor - Eloi Benoist-Vanderbeken

Avis de sécurité | Arbitrary code execution to escape the Google App Engine Python sandbox , Security vulnerability - Nicolas Collignon

Conférence | Tools and techniques for Red-Team penetration tests , JSSI OSSIR 2014 - Renaud Feil

Avis de sécurité | Cross-Site Scripting in the Converse.js XMPP/Jabber client , Security advisory - Renaud Dubourguais

Avis de sécurité | Privilege Escalation and Cross Site Scripting vulnerabilities in IBM InfoSphere Master Data Management Collaborative Edition (CVE-2014-8896, CVE-2014-8897, CVE-2014-8898, CVE-2014-8899) , Security advisories - Jan Kopec

Avis de sécurité | Discovery and patching of a Remote Code Execution in the WP-Filebase plugin , Security advisory - Samir Megueddem

Avis de sécurité | Detection and exploitation of a race condition based arbitrary file upload leading to remote code execution (CVE-2014-2223) , Security advisory - Bastien Faure

Outils | SAP SecStore Decrypt , SAP SecStore decryption - Nicolas Collignon

Autre | The Eye of the Tiger , Whitepaper on an APT - Fabien Perigaud

Avis de sécurité | Remote code execution in Cisco Jabber for Windows (CVE-2014-0666) , Security advisory - Fabien Perigaud

Avis de sécurité , Outils | Discovery of a backdoor on Linksys routers , Description and PoC - Eloi Benoist-Vanderbeken

Revue | Discovery and exploitation of a vulnerability in Windows XP USB stack , MISC Magazine 71 - Fabien Perigaud

Outils | Dissipe , Sage ERP X3 internal passwords decryption - Nicolas Collignon

2013

Avis de sécurité | OWASP ESAPI library HMAC validation bypass , Security advisory - Renaud Dubourguais , Renaud Feil

Autre | JSF ViewState upside-down , Whitepaper - Nicolas Collignon , Renaud Dubourguais

Outils | InYourFace , JSF ViewState tampering - Renaud Dubourguais , Nicolas Collignon

Conférence | Oracle TNS protocol hijacking , SSTIC 2013 - Nicolas Collignon

Revue | Pentesting JBoss AS in 2013 , MISC Magazine 67 - Renaud Dubourguais

Revue | MySQL DBMS memory exploitation (CVE-2012-5611) , MISC Magazine 67 - Samir Megueddem

Outils | jimmix , remote administration tool for JBoss AS using the JMXInvoker - Renaud Dubourguais

Conférence | WAF contest , JSSI OSSIR 2013 - Renaud Dubourguais , Renaud Feil

2012

Conférence | J2EE frameworks security: the birth of Expression Language injections , JSSI Rouen 2012 - Renaud Dubourguais

Conférence | Fuzzing the GSM Protocol Stack , Hack.lu 2012 - Sébastien Dudek

Autre | Solution for the ESET BlackHat US Challenge , Whitepaper - Eloi Benoist-Vanderbeken

Revue | Applicative security in Linux , MISC Magazine 62 - Sébastien Dudek

Conférence | Criterium attack / QR-bit flip , SSTIC 2012 - Nicolas Collignon

Conférence | The DevMode flag in Struts 2 , SSTIC 2012 - Renaud Dubourguais

Conférence | Android 0dayz hunting , SSTIC 2012 - Fabien Perigaud

Autre | Solving the SSTIC challenge , SSTIC 2012 - Eloi Benoist-Vanderbeken

Conférence | Hacking (and securing) JBoss AS , Security Day 2012 - Renaud Dubourguais

Revue | Android local root: stable exploitation of the CVE-2011-3874 vulnerability , MISC Magazine 61 - Fabien Perigaud

2011

Outils | BlueBerry , BlackBerry Enterprise Server passwords decryption - Nicolas Collignon

Conférence | Pentests: exposing real world attacks , Security Day 2011 - Renaud Dubourguais

Avis de sécurité | Discovery and patching of SQL injections in the WordPress wp-polls plugin , Security advisory - Renaud Feil

Conférence | Control-flow flattening and symbolic execution ( whitepaper ) , SSTIC 2011 - Eloi Benoist-Vanderbeken

Autre | Hackito Ergo Sum Crackme , Hackito Ergo Sum 2011 - Eloi Benoist-Vanderbeken

2010

Outils | rdp2tcp , TCP tunneling over RDP - Nicolas Collignon

Conférence | Introduction to USRP: hardware, radio, digital processing, and GnuRadio , HackerzVoice 2010 - Sébastien Dudek

Autre | In memory extraction of SSL keys , Whitepaper - Nicolas Collignon

Conférence | TCP tunneling over RDP , SSTIC 2010 - Nicolas Collignon

Conférence | Exploiting and securing JBoss AS , SSTIC 2010 - Renaud Dubourguais

Conférence | Feedback on enterprise applications security , NetFocus - Nicolas Collignon

Avis de sécurité | MS10-025 Remote code execution in Microsoft Windows Media Services (CVE-2010-0478) , Security advisory - Fabien Perigaud

Conférence | Forensic and Software (Un)obfuscation , ECIW 2010 - Eloi Benoist-Vanderbeken

2009

Conférence | Webshells: how to have your network wide open , GS-Days 2009 - Renaud Dubourguais

Conférence | Shell over DTMF , SSTIC 2009 - Nicolas Collignon

2008

Conférence | VMware and virtualization security , OSSIR 2008 - Nicolas Collignon

2007

Conférence | Feedback on PHP code audits , Forum PHP 2007 - Nicolas Collignon

Revue | Evolution of Cross Site Request Forgery attacks , Journal In Computer Virology - Renaud Feil

Conférence | Encrypting hostile web content over HTTP , SSTIC 2007 - Renaud Feil

Conférence | Evolution of CSRF attacks , SSTIC 2007 - Renaud Feil

Conférence | Discovering IPv6 networks , SSTIC 2007 - Nicolas Collignon

Conférence | Web 2.0: more ergonomic... and less secure? , JSSI OSSIR 2007 - Renaud Feil

2006

Conférence | Client-side vulnerabilities , SSTIC 2006 - Renaud Feil

Conférence | Impacts and threats around the IPv6 protocol , OSSIR 2006 - Nicolas Collignon

Conférence | IPv6: network security threats , IPv6 Worldwide Summit 2006 - Nicolas Collignon

2002

Revue | Playing with Windows /dev/(k)mem , Phrack - Nicolas Collignon

2023

Avis de sécurité | Privilege escalation vulnerability in FortiManager version 6.4.5 , CVE-2022-26118 - Clément Amic , Pierre Milioni , Adrien Peter

Avis de sécurité | Mutliple vulnerabilities in ManageEngine ADSelfService Plus , Security advisory for ManageEngine ADSelfService Plus. - Antoine Cervoise , Wilfried Bécard

Avis de sécurité | Sudoedit bypass in Sudo <= 1.9.12p1 , CVE-2023-22809 - Matthieu Barjole , Victor Cutillas

Ressources

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2002

2023

Nous contacter

PARIS

TOULOUSE

LYON

RENNES