Blogs

Get Freebies by Abusing the Android InApp Billing API

As Google defines it, "Google Play Billing is a service that lets you sell digital content from inside an Android app, or in-app." It can be used to sell one-time products such as additional game levels, premium loot boxes or media files, or subscriptions such as online magazines or music streaming services. But what could possibly go wrong when this service relies on client-side validation? Guillaume worked on this for Checkmarx and published a complete blog post explaining the results and the detailed steps to bypass the InApp Billing process and obtain unlimited credits: https://www.

[Training/Conference] DeepSec – Advanced Penetration Testing in Real World (27/28 November)

RandoriSec will be giving a training at DeepSec (Vienna, Austria) on 27 and 28 November. The training "Advanced Penetration Testing in Real World" is intended for penetration testers and security engineers who would like to improve their penetration testing skills, or even to learn how to perform penetration tests from scratch (for motivated people). These 2 days of training will be intensive and will provide knowledge and techniques in different fields such as vulnerability exploitation, network attacks, password cracking, web application vulnerabilities and mobile application hacking.

[Training/Conference] Hackfest 2018 - iOS Mobile Application Hacking

We are very pleased to announce that the "iOS Mobile Application Hacking" training will be given in French in Québec, Canada, for the 10th edition of the Hackfest conference! The conference, which is the largest hacking event in Canada and brings together more than 900 information security enthusiasts, will take place on 2 and 3 November 2018 and will be preceded by 3 days dedicated to trainings. RandoriSec will have the pleasure of running the "iOS Mobile Application Hacking" training for the first time at a conference.

[Conference] SSTIC 2018

RandoriSec was at the SSTIC conference in Rennes, France. SSTIC (Symposium sur la sécurité des technologies de l'information et des communications) is a long-running security conference which started in 2003, and the majority of the presentations are in French! This year was the 16th (0x10) edition, held at the Couvent des Jacobins, an old convent. Most of the slides and the videos are available on the SSTIC website:

[Conference] HITB Amsterdam 2018

RandoriSec was at the Amsterdam 2018 edition of Hack In The Box and… IT WAS A BLAST! It has been over a month, and many tweets, write-ups and even the full slides (https://conference.hitb.org/hitbsecconf2018ams/materials/) have been published, so we won't cover the details here; we just wanted to say a few words about it. The agenda was great, with two main conference tracks, one dedicated track for the labs and one additional track, free and open to the public:

[0day] Anonymous RCE on Geutebruck IP Cameras - again

Abstract: A few months ago during a pentest, with Nicolas Mattiocco of Greenlock, we came across high-end IP cameras made by Geutebruck, a "leading German manufacturer and developer of high-quality, intelligent video security solutions", and found 3 RCE: a blind SQL injection, an SSRF, a CSRF and a stored XSS affecting version 1.12.0.4 and prior versions. We chose to responsibly disclose these 0day vulnerabilities, directly to Geutebruck and the ICS-CERT (Industrial Control Systems Cyber Emergency Response Team).

[Training] iOS Mobile Application Hacking

RandoriSec's training offer has been extended with a new 2-day module on auditing the security of iOS mobile applications. Description: The goal of this training is to teach the attack methods targeting iOS applications, as well as the recommendations that counter, or at least slow down, these attacks. It is based on the MSTG (Mobile Security Testing Guide) methodology from OWASP (Open Web Application Security Project) and the open-source tool Needle.

[0day] Digium Asterisk OS Command Injection Vulnerability

Abstract: Last summer, during a pentest for a client, we came across a product made by an international provider of intercom systems which uses the very popular Asterisk communication software, and found a trivial remote command execution vulnerability in its latest GUI (2.1.0). This product is used in many very sensitive environments such as prisons and official buildings. We chose to responsibly disclose the vulnerability, directly to Digium and the ICS-CERT (Industrial Control Systems Cyber Emergency Response Team).

[Conference] Industrial Hacking at DeepINTEL

We will be speaking about Industrial Hacking at DeepINTEL in Vienna this week! Here is the pitch: A few months ago a client asked us to assess the security of the ICS (Industrial Control Systems) of a brand new datacenter. As we had no industrial background, we discovered a whole new world, and we tried and failed many times before owning the system. "Industrial DIY" shows how a small team of pentesters managed to assess the security of industrial systems (ICS/SCADA/BMS) and how to protect these critical infrastructures against a few major threats.

[0day] LogicalDOC - from guest to root

LogicalDOC is a DMS (Document Management System) available either in a community (and free) edition or in a professional (and expensive) version. This type of product is normally used to share and access documents from "everywhere", as they say on their website: "Your documents – Always accessible, from anywhere, at any time", which means web interfaces widely exposed on the Internet. During a pentest, we found that a client used this product (in community version 7.
