Reports
RandoriSec aims to help some Open Source projects and has performed pro-bono security assessments.
In 2017, we performed a security review of The Hive solution. The report can be found below:
- The Hive project: 2017 - Pentest report
Articles
Our team likes to share techniques, tips and tools by writing articles in MISC and GNU/Linux Magazine:
- Raise intrusion detection to the kernel level with Sysdig and its Chisel scripts (September 2023)
- The dependency quagmire: confusion and sabotage (September 2022)
- Return Oriented Programming 101 (October 2020)
- Auditing the security of an iOS application (November 2019)
- Bypassing the Google Play Billing API (November 2019)
- Introduction to the OWASP Mobile Security Testing Guide (November 2019)
- Cognitive and organisational biases: how to get your security right (well, try to) (October 2019)
- Which tools for web application penetration testing? (July 2018)
- Security audit of an iOS application with Needle (May 2017)
- Five ways to become domain administrator with Metasploit (October 2016)
- Networks: still subject to attacks (May 2016)
- BurpSuite (June 2015)
- Sweeping out vulns with mona.py (May 2015)
- Contributing to Metasploit (December 2014)
- Deploying the Prelude SIEM in the enterprise - Lessons learned (November 2013)
- Advanced use of Mimikatz (March 2013)
- Advanced use of SQLmap (July 2012)
- Encrypting user data on Android (November 2011)
- Turning your Android into a penetration testing platform (September 2011)
- Attacks on the Kerberos protocol (March 2011)
Conferences
Research presented by our team:
- BlackAlps 2022: Some cracks in the Linux firewall
- HACK-IT-N 2019: OWASP Mobile Security Testing Guide
- DeepSec 2019: Abusing Google Play Billing for fun and unlimited credits!
- Hack In Paris 2019: Abusing Google Play Billing for fun and unlimited credits!
- BSides Budapest 2019: Abusing Google Play Billing for fun and unlimited credits!
- BSides Dublin 2019: Abusing Google Play Billing for fun and unlimited credits!
- OSSAC 2018: Improving detection with ATT&CK
- DeepINTEL 2017: Industrial DIY – Attacking SCADA Infrastructure
Advisories
During security assessments, our team regularly finds 0-day vulnerabilities. In that case, every vulnerability is reported to the vendor and the appropriate CERT.
Here is the list of publicly disclosed vulnerabilities:
- StrangeBee TheHive 5.2.0 to 5.2.8 is vulnerable to stored Cross-Site Scripting (CVE-2024-22877)
- StrangeBee TheHive 5.1.0 to 5.1.9 and 5.2.0 to 5.2.8 is vulnerable to stored Cross-Site Scripting (CVE-2024-22876)
- Various QNAP operating system versions vulnerable to a Server-Side Request Forgery (CVE-2023-39301)
- Linux Kernel Local Privilege Escalation (CVE-2022-34918) - PoC - exploit
- Geutebruck G-Cam/E2 Series and G-Code encoder OS Command Injection (CVE-2021-33543, CVE-2021-33548, CVE-2021-33550, CVE-2021-33551, CVE-2021-33552, CVE-2021-33553, CVE-2021-33554) - CVE-2021-33549 exploit / exploit for the other CVEs / camera deface module
- Geutebruck G-Cam/E2 Series and G-Code encoder Stack-based Buffer Overflow (CVE-2021-33545 - CVE-2021-33546 - CVE-2021-33547, CVE-2021-33549)
- Geutebruck G-Cam/E2 Series and G-Code encoder Authentication Bypass (CVE-2021-33544)
- Geutebruck G-Cam/E2 Series and G-Code encoder OS Command Injection (CVE-2020-16205) - exploit
- Moxa EDR-810 Series Secure Routers Ping Command Injection (CVE-2019-10969) - exploit
- Moxa EDR-810 Series Secure Routers Missing Access Control on Log Files (CVE-2019-10963) - exploit
- Geutebruck G-Cam/E2 Series and G-Code encoder OS Command Injection (CVE-2019-10956)
- Geutebruck G-Cam/E2 Series and G-Code encoder OS Cross-Site Scripting (CVE-2019-10957)
- Geutebruck G-Cam/E2 Series and G-Code encoder OS Command Injection (CVE-2019-10958)
- Geutebruck G-Cam/EFD-2250 and Topline TopFD-2125 Unauthentication (CVE-2018-7532)
- Geutebruck G-Cam/EFD-2250 and Topline TopFD-2125 SQL Injection (CVE-2018-7528)
- Geutebruck G-Cam/EFD-2250 and Topline TopFD-2125 Cross-Site Request Forgery (CVE-2018-7524)
- Geutebruck G-Cam/EFD-2250 and Topline TopFD-2125 Improper Access Control (CVE-2018-7520) - exploit
- Geutebruck G-Cam/EFD-2250 and Topline TopFD-2125 Server-Side Request Forgery (CVE-2018-7516)
- Geutebruck G-Cam/EFD-2250 and Topline TopFD-2125 Cross-Site Scripting (CVE-2018-7512)
- Loytec LVIS-3ME Path traversal, Cross-Site Scripting, Insufficient entropy and insufficiently protected credentials (CVE-2017-13992, CVE-2017-13994, CVE-2017-13996, CVE-2017-13998)
- Geutebruck G-Cam/EFD-2250 Authentication Bypass and Remote Code Execution Vulnerabilities (CVE-2017-5173 and CVE-2017-5174) - exploit
- Digium Asterisk GUI OS Command Injection (CVE-2017-14001)
- Belden Hirschmann GECKO Information Disclosure (CVE-2017-5163)
- Bull/IBM AIX Clusterwatch/Watchware - Multiple Vulnerabilities
- Juniper Secure Access Series meeting_testjava.cgi XSS Vulnerability (ZDI-10-231)
- TWiki Multiple Cross Site Scripting Vulnerabilities (CVE-2010-3841)