Introduction In this article we cover the exploitation of WSUS when used over unsecured HTTP. Specifically, we use socket injection to achieve remote command execution on WSUS clients. For this,… read more →
Insomni’hack 2023 – The Exploit Quest My colleague, Felix Bonningue, and I tackled this challenge, as it seemed quite intriguing. In this challenge, we had to infiltrate a… read more →
Ethernet ghosting & NAC bypass – A practical overview Introduction Even when provided with direct physical access to the network (client hands you a LAN cable), some security assessments may… read more →
immunIT and its partners are pleased to announce the 1st edition of immuniDay! A day focused on the latest innovations in IT security. Where? Hôtel Warwick,… read more →
immunIT is on the move! To support our growth, we moved into new premises on May 1, 2022. A move that allows the company to accommodate… read more →
The pandemic has increased the use of collaborative tools. Microsoft Teams is no exception: the number of daily active users increased 4-fold between March and October 2020 to reach… read more →
Hello hardware hacker community, As you probably know, we have publicly released the first version of our hardware exploration tool: the Octowire. You can shop it now at:… read more →
Vulnerability Summary Due to discrepancies between the specifications of httpd and Tomcat for path handling, Apache mod_jk Connector 1.2.0 to 1.2.44 access controls to endpoints defined by a JkMount httpd… read more →
Hi everyone, Today, I will introduce you to a new tool, developed for the sake of one of our pentesting engagements, named XIP. XIP claims to provide an efficient way… read more →
Vulnerability Summary Cisco Meeting Server (CMS) is bundled with the coturn open source TURN server, which implements RFC 6062. This RFC adds TCP proxying capabilities to the TURN protocol, which… read more →