Introduction In this article we cover the exploitation of WSUS when used over unsecured HTTP. Specifically, we use socket injection to achieve remote command execution on WSUS clients. For this,… Lire la suite →
The pandemic has increased the use of collaborative tools. Microsoft Teams is no exception: the number of daily active users increased 4 fold between March and October 2020 to reach… Lire la suite →
Hello hardware hacker community, As you probably know, we have publicly released the first version of our hardware exploration tool : the Octowire. You can shop it now at :… Lire la suite →
Hi everyone, Today, I will introduce you to a new tool, developed for the sake of one of our pentesting engagement, named XIP. XIP claims to provide an efficient way… Lire la suite →
Vulnerability Summary Cisco Meeting Server (CMS) is bundled with the coturn open source TURN server, which implements RFC 6062. This RFC adds TCP proxying capabilities to the TURN protocol, which… Lire la suite →
Hi everyone, Today, I will introduce you to a new tool, developed for the sake of our penetration testing activities, named Drupwn which claims to provide a reliable and efficient… Lire la suite →