Context and affected products On the 17th of December, 2019 Citrix announced that their ADC (Application Delivery Controller), Gateway and SD-WAN WANOP products were vulnerable to an unauthenticated Remote Code …
[CERT ALERT] – Critical Vulnerability on the browser Firefox
Context Firefox has released a recent update on Firefox 67.0.3 and Firefox ESR 60.7.1 to prevent a wave of cyber-attacks using a new “Zero-Day” vulnerability. This vulnerability was discovered and …
[CERT ALERT] – Unpatched WordPress vulnerability
A new vulnerability has been published on June, the 26th 2018 by RIPS’ teams on the core components of WordPress CMS. It affects all WordPress versions (up to the latest …
[CERT ALERT] – SAP Internet Graphics Server – Multiple vulnerabilities
Vendor : SAP Application : SAP Inernet Grahic Server (IGS) Affected versions : SAP IGS 7.20, 7.20_EXT, 7.45, 7.49, 7.53 Bug : Multiple vulnerabilities CVSS : 8.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H CVE : …
FIC 2018 – Random forensics challenges write-up
Several security challenges have taken place during the FIC 2018 event. Thanks to all organizers, authors and sponsors related to there challenges. Here are some several write-ups of night and …
GreHack 2017 – Write Up Forensic 400
GreHack is a french security event which takes place for its 4th edition in Grenoble, on 17th November 2017. https://grehack.fr/ The CTF takes place from Friday 9:30 PM to Saturday …
[CERT ALERT] – CCleaner: A Vast Number of Machines at Risk
A vulnerability has been identified very recently by Talos Group (Cisco), in Piriform CCleaner tool: On September 13, 2017, Cisco Talos identified the installer CCleaner v5.33 which was triggering the …
SAP backward compatibility and spoofing users !
Version Française From older SAP R/3 to the recent SAP Netweaver ABAP system, SAP username and password are stored encrypted directly in database. Fortunately, encryption mechanisms have evolved since 90’s …
AntiForensics techniques : Process hiding in Kernel Mode
Introduction This article is the first iteration of a series introducing several malware techniques for both persistence and propagation. Most of these techniques were discovered and disclosed several years ago …
HIP – 25 Techniques to Gather Threat Intel and Track Actors (Wayne Huang, Sun Huang)
The last talk of this Hack in Paris 2017 was given by two speakers: Wayne Huang , founder and CEO of Armorize Technologies, VP Engineering at Proofpoint Sun Huang, Senior …