Category: Exploitation

14 articles
Date Wed 25 May 2016
Author Jérémie Boutoille
Category Exploitation

This blog post describes the exploitation of Xen Security Advisory 105 (XSA-105) [1] (CVE-2014-7155). This post explains the environment setup and shows the development of a fully working exploit on Linux 4.4.5.

Date Wed 08 July 2015
Author Gabriel
Category Exploitation

Nowadays, two-factor authentication is unavoidable. This blogpost details a vulnerability found in the implementation of a YubiKey OTP verification server.

Date Wed 22 January 2014
Author Adrien Guinet
Category Exploitation

Eloi Vanderbéken recently found a backdoor on some common routers, which is described on his GitHub here. Basically, a process that listens on the 32764 TCP port runs, sometimes accessible from the WAN interface. We scanned the v4 Internet to look for the routers that have this backdoor wild open, and gathered some statistics about them. We will also present a way to permanently remove this backdoor on Linksys WAG200G routers.

Date Fri 02 August 2013
Author Camille Mougey
Category Exploitation

The new jailbreak for iOS 6.1, named Evasi0n, is detailed in this article, thanks to Braden Thomas. A few more details are needed regarding the very end on the page signing cancelation. Actually, in order to evade code signed verification, the amfi.dylib is cleverly structured. The idea is as follow: force the MISValidateSignature (which returns the status of code signing verification) to always return 0. That way, one will be able to execute any unsigned code. Hence, this raises 2 questions: How to force MISValidateSignature to always return 0? How to pass the code signed verification for amfy.dylib?