Publications

Yet another BEC investigation on M365

22/11/2021
CSIRT
Several materials already describe this type of attack, this document is an operational feedback from the CSIRT Synacktiv on several BEC incidents based on Microsoft 365 service. This is the part one of this publication.

How to exploit CVE-2021-40539 on ManageEngine ADSelfService Plus

04/11/2021
Exploit
Pentest
During a penetration test we encountered the ManageEngine ADSelfService Plus (ADSS) solution. ADSS offers multiple functionalities such as managing password policies for administrators or self password reset/account unlock for Active Directory users. We decided to dig into this solution. However, our research barely started that a wild exploitation on this solution was announced. In this article we will explore the details of several vulnerabilities that allow an unauthenticated attacker to execute arbitrary code on the ...

Finding gadgets like it's 2015: part 2

28/10/2021
We found a new Java gadget chain in the Mojarra library, one of the most used implementation of the JSF specification. It uses a known entry point to start the chain and ends with arbitrary code execution through Java's Expression Language. It was tested on version 2.3 and 3.0 of the Eclipse implementation of the JSF specification.

Car hijacking swapping a single bit

26/10/2021
Hardware
Exploit
Pentest
Used to interact with various ECU (Electronic Control Unit) in a car, the UDS (Unified Diagnostic Services) service is widely deployed by car constructors. This generic high level protocol is used to extract ECUs state, configure them or even update their firmware. When the implementation lacks cryptography support inside an ECU, the security level can decrease dramatically. This short blog post presents an hardware attack leveraging all diagnostic functions to an unauthorized tester.

Finding gadgets like it's 2015: part 1

18/10/2021
Pentest
We found a new Java gadget chain in the Mojarra library, one of the most used implementation of the JSF specification. It uses a known entry point to start the chain and ends with arbitrary code execution through Java's Expression Language. It was tested on versions 2.3 and 3.0 of the Eclipse implementation of the JSF specification.

Is it post quantum time yet?

28/09/2021
Cryptographie
Quantum computing. Among all the fashionable IT buzzwords, this one comes prominently. Quantum computing, or the idea people get of it, feeds a lot of fantasy. This trend is supported by the news that sometimes relay hazy information about a topic they do not fully grasp. Getting a precise view of the state of quantum computing and its implications on security is not easy if you are not familiar with the topic. In this article, we will try to answer this seemingly simple question: is it post quantum time yet?