Pages

Monday, March 5, 2018

NoSQL injection leading to administrator account takeover in Rocket.Chat (0.57.3, 0.58.3 and below)

Executive Summary A regular user account can access sensitive data using a NoSQL injection vulnerability in the API provided by Rocket.Cha...
Tuesday, July 26, 2016

How I save my Strava activity

Last Sunday, when I reached my home after my bike ride I took my smartphone from my pocket to stop the activity and tried to put it back in ...
Tuesday, April 7, 2015

Security update issue on Lenovo tablet

Few days ago, I spend some of my free time checking what my chinese android tablet (Lenovo Yoga 2) was sending on the Internet. I quickly id...
Friday, May 24, 2013

OSX Kitmos : other binary, other C&C

On May the 20th, Norman has published a report  about an Indian cyberattack infrastructure that they call "Hangover" due to infor...
Monday, May 20, 2013

OSX Kitmos analysis

On 16th of May, Sean Sullivan  has published an article  on F-Secure blog about a new Mac OSX malware discovered on the Mac of an African a...
1 comment:
Monday, April 1, 2013

Analysis of an APT1 binary

In middle of February, Mandiant has released a huge report about cyber threat from Chinese government. Some of the technical details has b...
Sunday, June 10, 2012

Make Dionaea stealthier for fun and no profit

I'm in my "honeypot playing period" and I've tried to scan my Dionaea with Nmap which detect of course lots of port list...
5 comments: