Abstract Last summer during a pentest for a client we came across a product made by an international provider of intercom systems which uses the very popular Asterisk communication software and found a trivial remote command execution vulnerability in its latest GUI (2.1.0). This product is used in many […]

[0day] Digium Asterisk OS Command Injection Vulnerability

We will be speaking about Industrial Hacking at DeepINTEL in Vienna this week! Here is the pitch: A few months ago a client asked us to assess the security of the ICS (Industrial Control Systems) of a brand new datacenter. As we were no industrial guys we discovered a […]

Industrial Hacking at DeepINTEL

LogicalDOC is a DMS (Document Management System) available either in a community (and free) edition, or in a professional (and expensive) version. This type of product is normally used to share and access documents from « everywhere », as they say on their website: « Your documents – Always accessible, from anywhere, at […]

[0day] LogicalDOC – from guest to root

We wrote an article about Needle, a tool for auditing the security of iOS applications, which was published in the latest issue of MISC magazine. Here is the synopsis: Needle [needle] ("aiguille" in French) is an open source framework that considerably speeds up security-oriented analysis of iOS applications. Designed by […]

[Publication] Auditing iOS applications with Needle