RandoriSec was at the Amsterdam 2018 edition of Hack In The Box and… IT WAS A BLAST ! It has been over a month and many tweets, write-ups and even the full slides (https://conference.hitb.org/hitbsecconf2018ams/materials/) have been published so we won’t cover details here but we just wanted to say a […]

[Conference] HITB Amsterdam 2018



Abstract A few months ago during a pentest, with Nicolas Mattiocco of Greenlock, we came across high-end IP cameras made by Geutebruck, a “leading German manufacturer and developer of high-quality, intelligent video security solutions” and found 3 RCE, a blind SQL Injection, a SSRF, a CSRF and a stored XSS affecting […]

[0day] Anonymous RCE on Geutebruck IP Cameras – again



L’offre de formation de RandoriSec est enrichie d’un nouveau module de 2j pour apprendre à auditer la sécurité des applications mobiles iOS. Descriptif :  L’objectif de cette formation est de transmettre les méthodes d’attaques visant les applications iOS ainsi que les recommandations permettant de contrer ou tout du moins ralentir ces […]

[Training] iOS Mobile Application Hacking



    Abstract Last summer during a pentest for a client we came across a product made by an international provider of intercom systems which uses the very popular Asterisk communication software and found a trivial remote command execution vulnerability in its latest GUI (2.1.0). This product is used in many […]

[0day] Digium Asterisk OS Command Injection Vulnerability