Blogs

Mobile Hacking Trainings 2020

We regularly speak at international conferences, and therefore in English, but we do not neglect French and French-speaking enthusiasts either. ENSEIRB MATMECA This year we are proud to announce that we will help, at our level, to train the next generation by teaching the engineering students of the “cybeR-sécurité, Systèmes et Réseaux” option at ENSEIRB-MATMECA (École nationale supérieure d’électronique, informatique, télécommunications, mathématique et mécanique de Bordeaux), (SecNumEdu-labelled by ANSSI) the basics of mobile application security (Android and iOS).


Trainings 2020 - Schedule update

We’re glad to announce that our Mobile Hacking course and workshop will be delivered at many different infosec conferences in the following weeks: virtually and in English for OWASP AppSec Israel and HITB CyberWeek, in real life but in French for another infosec conference and also for a French school, but we’ll make another post for that. OWASP AppSec Israel 2020 - Workshop - October 27 We’ll deliver two virtual workshops: one will be focused on Android apps and the other one on iOS apps.


[Publication] Return Oriented Programming 101

Exploiting a stack buffer overflow with no protections in place is not very complicated. But what about when NX/DEP protection is enabled? Brendan Guevel presents the basics of ROP in the latest special issue, MISC HS 22, which focuses on the fundamentals of system and software security in terms of exploitation and countermeasures. Here is the article's synopsis: RETURN ORIENTED PROGRAMMING 101 Return Oriented Programming (or ROP) is a technique for exploiting programs that have the NX (No eXecute) or DEP (Data Execution Prevention) protection.


ActivID vulnerabilities

HID ActivID Mobile Soft Token Vulnerabilities Abstract Nowadays mobile phones are widely used to enforce multi-factor authentication (MFA) either by receiving a code through SMS or, even better, using a dedicated application as an authenticator. Those applications have to be correctly secured because the final step of authentication will rely on them. During a penetration engagement, our client was using the HID ActivID Mobile Soft Token in order to enable 2FA on their VPN servers.


[s05e01] RCE on Geutebruck IP Cameras

Abstract Those who follow our blog know that we like Geutebruck cameras: we have found many trivial RCEs on their products since 2016. A few months ago we found a new one. Those new attack vectors / vulnerabilities are affecting firmware versions 1.12.0.25 and prior as well as the limited versions 1.12.13.2 and 1.12.14.5 of the following Encoder and E2 Series Camera models: G-Code: EEC-2xxx G-Cam: EBC-21xx EFD-22xx ETHC-22xx EWPC-22xx Like before, we’ve chosen to “responsibly disclose” this 0day vulnerability directly to Geutebruck and the ICS-CERT (Industrial Control Systems Cyber Emergency Response Team).


[Publication] Bypassing the Google Play Billing API

The article on bypassing the Google Play Billing API has just been made available by Éditions Diamond under a Creative Commons (BY-NC-ND) license. You can also find in this blog post the transcript of the article published in MISC106. Happy reading! Bypassing the Google Play Billing API According to the [INVESP] blog, the total amount of so-called “in-app” payments was around 37 billion dollars (USD) in 2017 for mobile applications (Android and Apple).


[CONFERENCE] RandoriSec and friends: Enlarge your toolkit!

Two months ago, we organized a small free online security conference. During this event, 6 talks covering different areas (mobile security, SWIFT CSP, security automation and Incident Response) were delivered. The talks are available on our YouTube channel. The event went pretty well with an average of 30 participants, but unfortunately for non-French-speaking people it was in French… So here we are again, but this time all talks will be in English and with some hands-on!


[WORKSHOPS] BSides Budapest 2020 - Android and iOS workshops online

Last year, at BSides Budapest, we delivered a workshop about Mobile Hacking on Android and iOS. The idea we had at the time was to give a very short introduction to our 3-day training about Mobile Hacking. Note: This training was already delivered at Hack In Paris (2019), at DeepSec (2018 and 2019) and also online (2020). However, we noticed that 2 hours are too short to be able to introduce different concepts in Android and iOS mobile apps…


[TRAINING] Mobile Hacking

Security conferences are an excellent way to access top-notch quality trainings, but with all this current mess they are cancelled or postponed. However, life keeps going and we still need to train in order to improve our skills. So, we are pleased to announce that we are going to offer our Mobile Hacking training in an online form! Of course, we prefer to have real interactions with the attendees because we think it’s the best way to give trainings, but as nobody currently knows when this will be possible again, we want to try our best to continue to train whoever wants to learn mobile security.


[CONFERENCE] Online conference - RandoriSec and friends

With all the conferences of the past and coming weeks cancelled, we are organizing an online conference in French around three themes: mobile security; SWIFT banking security; operational security: PatrOwl and TheHive. The conference will open with a theme we are fond of at RandoriSec: mobile application security. Guillaume Lopes will explain, based on his research on Google Play Billing, the conditions and the method for bypassing in-app payments.
