  • NetisRCE_digitalsecurity

    Netis Routers - Remote Code Execution (CVE-2019-19356)

    During a security assessment of one of our customers, we came across an important vulnerability (CVE-2019-19356) on a NETIS WF2419 router. The vulnerability is an authenticated Remote Code...
  • HITB_DamienCauquil_digitalsecurity

    Write-up: Badge HITB attendee

    Damien Cauquil attended Hack In The Box 2019 Amsterdam as a speaker, and it was pretty awesome! He met awesome people, old friends, had fun with old games, made some jewelry, and drank a lot of Club...
  • Digital Security at Blackhoodie17

    Blackhoodie17, of reverse and women

    "Because a girl-to-girl conversation is so much more fruitful than a full classroom with only one or two women hiding in the corners." These are the words of Marion Marschalek (@pinkflawd), organizer of the...
  • iotroop

    IoTroop, a new pandemic affecting connected objects

    Everyone remembers the attack wave generated by the Mirai botnet at the end of 2016. The world of IoT, until then rarely targeted by malware, saw one of its first devastating botnets. This...
  • BlueBorne_logo2

    BlueBorne, an attack vector for fast and stealth contagion

    Armis Labs, a company specialized in IoT, has released a collection of 0-days which affect almost all mobile devices as well as the main operating systems used in the IT and IoT world. More precisely, these...
  • Brucon 2017

    Report of the 9th edition of the BruCON conference

    The 9th edition of the BruCON conference was held on the 5th and 6th of October at the University of Ghent, Belgium. Digital Security was there with its own talk and as a guest at a workshop about...
  • NotPetya

    NotPetya: a wiper boosted with NSA exploits

    On June 27th, 2017, less than 2 months after the Wannacry ransomware attack that hit hundreds of thousands of computers in more than 150 countries, a new worm caused panic in the IT services of...
  • DEFCON_25_Recon_Village_OSINT_CTF

    Write-Up: DEFCON 25 Recon Village OSINT CTF

    This blogpost is a write-up of some online challenges we managed to solve during the DEFCON 25 Recon Village OSINT CTF.
  • In the Equation Group toolbox

    A peek view in the Equation Group toolbox

    This article aims to introduce the framework that has been disclosed through an article posted by ShadowBrokers, focusing on two tools, FuzzBunch and DanderSpritz, and their associated modules....
  • tmp

    Data analysis of the Shadow Brokers leak

    The purpose of this blogpost is to present a first analysis of the data provided by The Shadow Brokers on Friday, April 14th 2017, and to highlight the level of potential threat towards every user...
  • synthese_menaces_iot

    Threats of connected objects: issues and possibilities

    The hyper-connectivity of today's society involves new threats and scenarios of attacks. The Internet of Things thus raises new challenges in terms of security which must be taken...
  • GSMA's IoT security guidelines overview

  • Lény Bueno

    Embedded devices and hardware security - introduction

    This article introduces a series of blog posts dealing with embedded systems security. This set of articles will mainly focus on Hardware but may also concern software security (e.g. firmware) or...
  • Report on FIC 2016

    Report of the 8th International Cyber Security Forum

    « For great aims we must dare great things ». This reference to the essay on military strategy On War, written by Carl von Clausewitz, sums up the "war-like" atmosphere which prevailed during the...
  • Nha-Khanh Nguyen

    Healthcare, connected people

    In the 21st century, technology is everywhere. Connecting your watch or your toothbrush is becoming part of your daily life. Put all these connected objects together and you will have the Internet of Things...
  • Jérôme Richard

    From CISO to Digital risks director

    CISO role and responsibility: an organization's Chief Information Security Officer (CISO) is defined by the CIGREF in "nomenclature des métiers 2015" as being in charge of "[the definition of] the...
  • apple

    Mobile phones and encryption

    Recent news has drawn attention to mobile phone encryption policies, particularly through the Apple vs. FBI case. The FBI unsuccessfully tried to force the firm to decipher the phone used by a...
  • Julia Juvigny

    Smart home security : Overview of ENISA's report

    Defined by ENISA as a space integrating interconnected smart devices and systems, the smart home is the direct successor of home automation systems. A market that is expected to generate a turnover...
  • Peter Stiehl

    Write-Up: Todo Rename The Service Name (300 points)

    This challenge was created for the public wargame of the Nuit Du Hack 2016 event and was not solved. This is a write-up written by the creator of the challenge. We need to retrieve the...
  • Florent Poulain

    Bypassing antivirus detection on a PDF exploit

    Every pentester has at some point grappled with an antivirus blocking his tools, be it for a pentest, a phishing campaign, a security awareness demonstration, and so on. Several Internet resources present...