Nous avons écrit un article sur Needle, un outil permettant d’auditer la sécurité des applications iOS, qui a été publié dans le dernier magazine MISC. Voici le synopsis: Needle [needle] (aiguille en anglais) est un cadriciel (framework) open source qui accélère considérablement les analyses orientées sécurité des applications iOS. Conçu par […]

[Publication] Auditer les applications iOS avec Needle

Do you know TheHive and Cortex ? TheHive is a free and open-source security incident response platform which relies on Cortex to analyze observables (IP, email addresses, domain names, etc…). Thanks to TheHive Project we had the chance to pentest these software a few weeks ago. TheHive team has decided to jointly publish […]

TheHive pentest

Bull/IBM Clusterwatch/Watchware is a VERY VERY OLD tool used by sysadmins to manage their AIX clusters. Marble effect in the web banner and questionable font: it smells the 90s ! Tool is mainly a web app with CGIs (shell scripts and binaries) and we have found three vulnerabilities in it: […]

[0day] Bull/IBM AIX Clusterwatch/Watchware vulnerabilities

Abstract Last summer during a pentest for a client we came across high-end IP cameras made by Geutebruck, a “leading German manufacturer and developer of high-quality, intelligent video security solutions” (source: http://www.sourcesecurity.com/companies/enhanced-company-listing/geutebruck-gmbh.html) and found a trivial remote command execution vulnerability (0day) affecting version 1.11.0.12 and prior versions. We’ve choose to “responsible […]

Anonymous RCE on Geutebruck IP Cameras