Although the usefulness of security tools such as antivirus, VPN and EDR is now indisputable in business circles, these solutions often need a lot of privileges and permissions to work properly, which also makes them an excellent target for an attacker. A bug in one of these solutions could allow malware to elevate its privileges and cause more damage to the organization.
Continue reading Attacking Android Antivirus Applications
Splunk Boss Of The SOC (BOTS) @Insomni’hack
It was a pleasure to meet you this year at the 2022 edition of our amazing security conference, Insomni’hack!
In collaboration with Splunk, we are back this year with the “Splunk Boss Of The SOC” challenge.
Continue reading Splunk Boss Of The SOC (BOTS) @Insomni’hack
Internal security recommendations survey
During the first wave of Covid, with most people locked up at home, I wanted to engage with my colleagues in various departments here at SCRT by having them answer a simple survey. The survey asked which actions they would recommend and prioritize in order to secure the information system of a random company that had just been notified that a cyberattack was imminent.
Continue reading Internal security recommendations survey
Splunk & advanced filtering with Event Masker
What is Splunk?
Splunk is a Data-to-Everything Platform designed to ingest and analyze all kinds of data, which can then be visualized and correlated through Splunk searches, alerts, dashboards, and reports. Gartner placed Splunk at the top of its 2020 Magic Quadrant for SIEM for its analysis capabilities, and named it a Visionary in the Application Performance Monitoring category.
Continue reading Splunk & advanced filtering with Event Masker
Stealing user passwords through a VPN’s SSO
Last year I had the idea of trying to pay for my holidays in Japan by hunting for bounties in security appliances during the flight. A full 10 hours of uninterrupted focus on one product seemed likely to yield interesting results, so I started reverse engineering the firewall of a relatively common brand which runs a private bug bounty. For this reason, I won’t be giving out the full details of the issue I discovered, but I find the vulnerability quite interesting and worth discussing, so I attempt to do so here without breaching any disclosure terms…
Continue reading Stealing user passwords through a VPN’s SSO
Continuous Pentesting
At SCRT, we have been performing penetration tests for nearly 20 years now and have always tried to improve our methodologies to match client expectations and deliver the most accurate and useful results from each test we undertake.
Continue reading Continuous Pentesting
SCRT on Covid-19 and Remote Access / Working From Home
Like everybody, SCRT has been adjusting to life under Covid-19 over the last few weeks. Thankfully, we have been prepared for working from home for quite some time now, as many of us do so under normal circumstances anyway. This is not the case for all companies, however, and we have unfortunately been called in to help some of them deal with the unwanted consequences of poorly set up remote access (read: they got hacked). So here is a quick blog post detailing the main issues we see with remote access systems and what can be done to avoid them.
Continue reading SCRT on Covid-19 and Remote Access / Working From Home
SonicWall SRA and SMA vulnerabilities
Last year, Orange Tsai did some awesome research and discovered several vulnerabilities in SSL VPN products which can allow an attacker to break into a network through the very device that is supposed to protect it. The affected vendors were:
- Palo Alto
- Fortinet
- Pulse Secure
Public Intrusion Test of Swiss Post’s E-Voting System
Context
The Swiss Cantons have offered online voting to members of their electorate since 2004. Since then, more than 200 binding trials at Federal votes and elections have taken place in 15 cantons.
In order to expand online voting to a broader public, Federal regulation obliges the Cantons to meet an additional set of requirements. These include complete verifiability of the system, numerous audits, and publication of the source code of the software components.
Continue reading Public Intrusion Test of Swiss Post’s E-Voting System
PHPMyAdmin multiple vulnerabilities
During an assignment, I found several serious vulnerabilities in phpMyAdmin, an application widely used to manage MariaDB and MySQL databases. One of them potentially leads to arbitrary code execution by exploiting a local file inclusion, while the other is a CSRF allowing any table entry to be edited.
Continue reading PHPMyAdmin multiple vulnerabilities