Tag: vulnerability

50 articles
Date Tue 15 October 2024
Authors Maxime Rossi Bellom, Raphaël Neveu
Category Android

We discovered several vulnerabilities impacting the boot chain of several Samsung devices. Chained together, they allow us to execute code in the bootloader, get root access on Android with persistence, and finally leak anything from the Secure World's memory, including the Android Keystore keys.

Date Thu 10 October 2024
Author Mathieu Farrell
Category Pentest

The following article explains how during an audit we took a look at Apache Superset and found bypasses (by reading the PostgreSQL documentation) for the security measures implemented.

Date Tue 08 October 2024
Author Mathieu Farrell
Category Pentest

The following article explains how during a Purple Team engagement we were able to identify a vulnerability in Microsoft Teams on macOS allowing us to access a user's camera and microphone.

Date Thu 03 October 2024
Author Célian Glénaz
Category Cryptography

Following a brief introduction to differential fuzzing, this blog post reviews the leading tools that leverage it for testing cryptographic primitives. In the second half, we present a method for creating a differential fuzzer along with the results we obtained.

Date Tue 17 September 2024
Author Mathieu Farrell
Category Pentest

The following blog post explains how, during a Red Team engagement, we were able to identify several vulnerabilities, including Remote Code Executions, in the latest version of Chamilo.

Date Tue 25 June 2024
Author Mathieu Farrell
Category Pentest

Discovery of two vulnerabilities (CVE-2024-34065) in Strapi, an open source content management system. In this post we explain how these vulnerabilities, if chained together, allow authentication to be bypassed.

Date Wed 17 April 2024
Author Philippe Teuwen
Category Cryptography

Passbolt, an Open Source Password Manager, is using the Pwned Passwords service from HaveIBeenPwned to alert users if their password is present in a previous data breach. Pwned Passwords API is based on a mathematical property known as k-Anonymity guaranteeing that it never gains enough information about a non-breached password hash to be able to breach it later. Sounds good, right?

Date Thu 21 March 2024
Author Mathieu Farrell
Category Pentest

The following article explains how, during a Red Team engagement, we were able to develop a 1-day for GLPI CVE-2023-43813, which later led to the identification of an arbitrary object instantiation leading to an SSRF referenced as CVE-2024-27098, as well as an SQL injection referenced as CVE-2024-27096.

Date Tue 16 January 2024
Authors Francisco Falcon, Iván Arce
Category Vulnerability

This blog post provides details about nine vulnerabilities affecting the IPv6 network protocol stack of EDK II, TianoCore's open source reference implementation of UEFI.

Date Tue 07 November 2023
Authors Eloïse Brocas, Damien Cauquil, Robin David, Benoît Forgette
Category Vulnerability

Part 2 of a series about participation in the Pwn2Own Toronto 2023 contest.