pentest

[Training/Conference] Hack In Paris 2019

RandoriSec was at Hack In Paris 2019 and it was wonderful! This 9th edition took place at the Maison de la Chimie in Paris (of course ;)). The event was divided into two parts: June 16th to 18th, 3 days of trainings on 13 different subjects (IoT, ICS, Windows exploitation, web and mobile hacking, etc.), and June 19th to 20th, 2 days of talks on a single track.

[Publication] Open-source and free tools for web application penetration testing

We wrote an article on open-source and free tools for web application penetration testing, which was published in special issue no. 97 of Linux Magazine on "Les bonnes pratiques du développement sécurisé" (secure development best practices), released last summer. The magazine has in fact just been reprinted. We had opted for a CC license so that the article would be available to everyone as soon as the exclusive rights expired. That is now the case!

[PrivExchange] From user to domain admin in less than 60sec !

Dirk-jan Mollema, a pentester working for Foxit, found a very clever attack allowing any user who owns an Exchange mailbox to obtain Domain Admin privileges. The attack was unveiled last week, strangely without much media coverage (but things seem to be changing: the SANS ISC daily blog post covered the subject yesterday). As there is still no fix from Microsoft (i.e. a software patch to install), the term "0day" is going around.

[Training/Conference] HIP – Mobile Hacking Training (17/18 June)

Guillaume Lopes (@Guillaume_Lopes) and Davy Douhine (@ddouhine), senior pentesters, will share many techniques, tips and tricks in a 100% hands-on, 2-day mobile training aimed at pentesters, bug bounty researchers or simply the curious. The goal is to introduce tools (Adb, Apktool, Jadx, Cycript, Frida, Hopper, Needle, etc.) and techniques that help you work faster and more efficiently in the mobile (Android and iOS) ecosystem. This is exactly the training you would have liked to have before wasting your precious time trying and failing while testing.

Client side validation strikes again: PIN code bypass!

Client side validation is a common weakness found during penetration tests and security audits performed by RandoriSec. Because the client side is, by definition, on the user side, it can be altered by the user, and sometimes quite easily. A few months ago we figured out that the Netflix parental control PIN was very easy to bypass: Hey kids!

[s03e01] RCE on Geutebruck IP Cameras

A few weeks ago we came across high-end IP cameras made by Geutebruck, a "leading German manufacturer and developer of high-quality, intelligent video security solutions", and found an RCE affecting version 1.12.0.24 and prior versions of the E2 series IP cameras. In fact, it is the third time we have found an RCE on this product line: one in 2016, another in 2017 and now a new one in 2018.

[Training/Conference] Hackfest 2018 - iOS Mobile Application Hacking

We are very pleased to announce that the "iOS Mobile Application Hacking" training will be given in French in Québec, Canada, for the 10th edition of the Hackfest conference! The conference, which is the largest hacking event in Canada and brings together more than 900 information security enthusiasts, will take place on November 2 and 3, 2018 and will be preceded by 3 days dedicated to trainings. RandoriSec will have the pleasure of running the "iOS Mobile Application Hacking" training for the first time at a conference.

[Conference] HITB Amsterdam 2018

RandoriSec was at the Amsterdam 2018 edition of Hack In The Box and... IT WAS A BLAST! It has been over a month, and many tweets, write-ups and even the full slides (https://conference.hitb.org/hitbsecconf2018ams/materials/) have been published, so we won't cover the details here; we just wanted to say a few words about it. The agenda was great, with two main conference tracks, one dedicated track for the labs and one additional track, free and open to the public:

[0day] Anonymous RCE on Geutebruck IP Cameras - again

A few months ago, during a pentest with Nicolas Mattiocco of Greenlock, we came across high-end IP cameras made by Geutebruck, a "leading German manufacturer and developer of high-quality, intelligent video security solutions", and found 3 RCE: a blind SQL injection, an SSRF, a CSRF and a stored XSS affecting version 1.12.0.4 and prior versions. We chose to responsibly disclose these 0day vulnerabilities directly to Geutebruck and the ICS-CERT (Industrial Control Systems Cyber Emergency Response Team).

[0day] Digium Asterisk OS Command Injection Vulnerability

Last summer, during a pentest for a client, we came across a product made by an international provider of intercom systems that uses the very popular Asterisk communication software, and found a trivial remote command execution vulnerability in its latest GUI (2.1.0). This product is used in many very sensitive environments such as prisons and official buildings. We chose to responsibly disclose it directly to Digium and the ICS-CERT (Industrial Control Systems Cyber Emergency Response Team).