A vulnerability has been identified very recently by Google Project Zero in Microsoft’s protection engine: CVE-2017-0290: Remote Code Exploitation in Microsoft Malware Protection Engine. The security fix KB890830 has …
Could only one mail DoS your SAP System? And more…
Introduction. Almost all SAP NetWeaver versions natively support SMTP (Simple Mail Transfer Protocol); this enables e-mail exchange between the SAP system and other mail servers, …
TLS Mind Map – Ciphersuites
TLS Mind Map. During audits and penetration tests, we’re …
NDH qualifications’ write-up : Purple Posse Market challenge
Purple Posse Market was a Web Challenge where you had to steal the administrator’s personal information. This challenge deals with an application of a cross-site scripting attack. Description: You work …
NDH qualifications’ write-up : Bender Bending Rodriguez challenge
The following write-up details a solution to one of the Nuit Du Hack qualification phase challenges. Nuit Du Hack is a French security event which takes place for its 15th edition in …
NDH qualifications’ write-up : Slumdog Millionaire challenge
The following write-up details a solution to one of the Nuit Du Hack qualification phase challenges. Nuit Du Hack is a French security event which takes place for its 15th edition in …
Malware… the entry point could be your SAP System
Introduction. Security researchers from ERPScan discovered a vulnerability in SAP GUI and disclosed it during the last Troopers Conference. The vulnerability doesn’t directly impact the SAP …
Insomni’Hack write-up : “The Secr3tMgr Lock” challenge
The following write-up details a solution to one of the Insomni’Hack Capture The Flag challenges. Insomni’Hack is a Swiss security conference in Geneva which hosts an on-site CTF competition. https://insomnihack.ch/ …
One year of SAP vulnerabilities
Quick review. This 13 December was the last ‘SAP Security Tuesday patch’ of the year. It is now possible to make some reviews and comments …
[ALERT CERT] – Multiple WordPress vulnerabilities versions < 4.7.2
Three WordPress vulnerabilities have been disclosed in the last few days: CVE-2017-5610: Authorization bypass; CVE-2017-5611: SQL Injection; CVE-2017-5612: XSS. Versions below 4.7.2 are affected. The main concern …