And here I was thinking everybody knew SQL injections and that this challenge wouldn’t last an hour. And yet only one team was able to complete it before the end of the contest. o_O
Continue reading Insomnihack 2013 – Central DirectoryMonth: March 2013
Insomni’hack 2013 – recycle.exe
The main idea behind this challenge came after reading an article in Valhalla magazine about inline JScript for implementing cryptography in malwares targeting Windows.
Continue reading Insomni’hack 2013 – recycle.exeInsomni’hack 2013 : The game
A popular game amongst survivors is the Rock-Paper-Scissors-Lizard-Spock game. To gain their respect, we strongly encourage you to be the best at this game. This will strengthen your reputation and will attract new citizens.Continue reading Insomni’hack 2013 : The game
Insomnihack 2013 – Facebookalypse
This challenge was definitely one of the harder web missions and based on a redefined session handler mechanism that was initially discovered in a relatively well-know Firewall brand. It is also very similar to the example you can find on PHP’s own documentation here : http://php.net/manual/en/function.session-set-save-handler.php
Continue reading Insomnihack 2013 – FacebookalypseInsomni’hack 2013 – Life is hard(ware)
Intro
For this challenge, I wanted the attendees to reverse a microcontroller firmware, but most of all, I wanted them to actually see the result “live” to prove that the code actually works on a real device. The main idea was to use a keypad and a small screen to display the flag once the correct code has been entered.
Continue reading Insomni’hack 2013 – Life is hard(ware)Insomni’hack contest wrap-up
After 8 hours of intense hacking, pycured ended up on top in this year’s Insomni’hack contest, in front of [TechnoPandas] and Int3pids.
Continue reading Insomni’hack contest wrap-upmongodb – SSJI to RCE
Lucky discovery
Trying some server side javascript injection in mongodb, I wondered if it would be possible to pop a shell.
The run method seems good for this :
Catalogue de formations 2013
Pour 2013 SCRT étoffe à nouveau son catalogue de formations techniques afin de répondre au mieux au monde de la sécurité en perpétuelle évolution, notamment avec les formations sur le développement d’applications pour terminaux mobiles (COD102 & COD103) ainsi que la gestion des logs dans le contexte de la sécurité informatique (FOR102).
Continue reading Catalogue de formations 2013Sécurité des terminaux Android
Introduction
Lors d’un précédent article nous nous intéressions à la sécurité des terminaux iOS, notamment face aux outils de jailbreak permettant de contourner le chiffrement de la NAND. Bien que le marché Suisse soit majoritairement tourné vers iOS pour le moment, la sécurité des terminaux Android n’est pas à négliger, d’autant plus que leur popularité est grandissante.
Continue reading Sécurité des terminaux Android