We co-wrote (with Nicolas Mattiocco of Green Lock Advisory) an article on network attacks that was published in the May/June 2016 issue of MISC magazine. We had opted for a CC license in order to make the article available to everyone as soon as the copyright expired. […]

[Publication] Networks: still subject to attacks

[UPDATE] An excellent article about the same issue was posted by Detectify a few days after this one. Unfortunately Detectify was not aware of our post and had worked independently on this problem. Well, they dug deeper and warned big websites (Ars Technica, The Register, Observer, etc…) so the […]

Slack session hijacking

No need to introduce the incredible Burp Suite, THE ultimate tool for web pentests. 12 years ago the first version was born: Cute, wasn’t it? It was more or less what you get in the Intruder tab now. Today it’s a full toolbox: However, having the best tool […]

A few tips on Burp Suite and web application penetration ...

One year ago we found that using the Word 2003 XML format could be very useful for pentesters/redteamers/attackers, as a standard VBA meterpreter payload was scoring 1/57 on VT (instead of 20/57 using the Office OpenXML format). AV vendors did their homework: the VT score is now 14/54. Anyway another […]

Word 2003 XML: another trick to bypass anti-virus