Client side validation strikes again: PIN code bypass! Davy Douhine 22 December 2018 Bugbounty Client side validation Client side validation is a common weakness found during penetration tests and security audits performed by Randorisec. Read more
[s03e01] RCE on Geutebruck IP Cameras Davy Douhine 18 December 2018 0day Abstract A few weeks ago we came across high-end IP cameras made by Geutebruck, a “leading German manufacturer and developer of high-quality, intelligent video security solutions”, and found an RCE affecting version 1.12.0.24 and prior versions of E2 series IP cameras. Read more
Get Freebies by Abusing the Android InApp Billing API Davy Douhine 11 December 2018 Publications As Google defines it, Google Play Billing is a service that lets you sell digital content from inside an Android app, or in-app. Read more
[Training/Conference] DeepSec – Advanced Penetration Testing in Real World (27/28 November) Davy Douhine 3 September 2018 Training RandoriSec is going to provide a training at DeepSec (Vienna, Austria) on 27 and 28 November. The training, Advanced Penetration Testing in Real World, is intended for penetration testers and security engineers who would like to improve their penetration testing skills or even to learn how to perform penetration tests from scratch (for motivated people). Read more
[Training/Conference] Hackfest 2018 - iOS Mobile Application Hacking Davy Douhine 1 September 2018 Pentest We are very pleased to announce that the “iOS Mobile Application Hacking” training will be given in French in Québec, Canada, for the 10th edition of the Hackfest conference! Read more
[Conference] SSTIC 2018 Davy Douhine 19 June 2018 General RandoriSec was at the SSTIC conference in Rennes, France. SSTIC (Symposium sur la sécurité des technologies de l’information et des communications in French) is a long-running security conference which started in 2003, and the majority of the presentations are in French! This year it was the 16th (0x10) edition, held at the Couvent des Jacobins, an old convent. Read more
[Conference] HITB Amsterdam 2018 Davy Douhine 24 May 2018 General RandoriSec was at the Amsterdam 2018 edition of Hack In The Box and… IT WAS A BLAST! It has been over a month and many tweets, write-ups and even the full slides (https://conference.hitb.org/hitbsecconf2018ams/materials/) have been published, so we won’t cover details here, but we just wanted to say a few words about it. Read more
[0day] Anonymous RCE on Geutebruck IP Cameras - again Davy Douhine 20 March 2018 0day Abstract A few months ago during a pentest, with Nicolas Mattiocco of Greenlock, we came across high-end IP cameras made by Geutebruck, a “leading German manufacturer and developer of high-quality, intelligent video security solutions”, and found 3 RCE: a blind SQL Injection, an SSRF, a CSRF and a stored XSS affecting version 1.12.0.4 and prior versions. We chose to “responsibly disclose” these 0day vulnerabilities, directly to Geutebruck and the ICS-CERT (Industrial Control Systems Cyber Emergency Response Team). Since then a new firmware has been released (1.12.0.19) to fix them, ICS-CERT has released an advisory and 6 CVEs (CVE-2018-7532 - CVE-2018-7528 - CVE-2018-7524 - CVE-2018-7520 - CVE-2018-7516 - CVE-2018-7512) have been assigned. Read more
[Training] iOS Mobile Application Hacking Davy Douhine 16 January 2018 Training RandoriSec’s training catalogue has been expanded with a new 2-day module for learning how to audit the security of iOS mobile applications. Read more
[0day] Digium Asterisk OS Command Injection Vulnerability Davy Douhine 6 December 2017 0day Abstract Last summer, during a pentest for a client, we came across a product made by an international provider of intercom systems which uses the very popular Asterisk communication software, and found a trivial remote command execution vulnerability in its latest GUI (2.1.0). Read more
[Conference] Industrial Hacking at DeepINTEL Davy Douhine 18 September 2017 Conference We will be speaking about Industrial Hacking at DeepINTEL in Vienna this week! Here is the pitch: A few months ago a client asked us to assess the security of the ICS (Industrial Control Systems) of a brand new datacenter. As we weren’t industrial guys, we discovered a whole new world and we tried and failed many times before owning the system. “Industrial DIY” tries to show how a small team of pentesters managed to assess the security of industrial systems (ICS/SCADA/BMS) and how to protect these critical infrastructures against a few major threats. Read more
[0day] LogicalDOC - from guest to root Florent 28 July 2017 0day LogicalDOC is a DMS (Document Management System) available either in a community (and free) edition, or in a professional (and expensive) version. This type of product is normally used to share and access documents from “everywhere”, as they say on their website: “Your documents – Always accessible, from anywhere, at any time”, which means web interfaces widely exposed on the internet. Read more
[Publication] Auditing iOS applications with Needle Davy Douhine 25 April 2017 Pentest We wrote an article on Needle, a tool for auditing the security of iOS applications, which was published in the May/June 2017 issue of MISC magazine. We opted for a CC licence so that the article could be made available to everyone once the publisher’s exclusive rights expired. It is now freely available. Read more
TheHive pentest Davy Douhine 20 April 2017 Pentest Do you know TheHive and Cortex? TheHive is a free and open-source security incident response platform which relies on Cortex to analyze observables (IP addresses, email addresses, domain names, etc.). Read more
[0day] Bull/IBM AIX Clusterwatch/Watchware vulnerabilities Davy Douhine 7 March 2017 0day Bull/IBM Clusterwatch/Watchware is a VERY VERY OLD tool used by sysadmins to manage their AIX clusters. Marble effect in the web banner and a questionable font: it smells like the 90s! Read more