Introduction In this article we cover the exploitation of WSUS when used over unsecured HTTP. Specifically, we use socket injection to achieve remote command execution on WSUS clients. For this,… Lire la suite →
Insomni’hack 2023 – The Exploit Quest My colleague, Felix Bonningue, and I tackled this challenge, as it seemed quite intriguing. In this challenge, we had to infiltrate a… Lire la suite →
Ethernet ghosting & NAC bypass – A practical overview Introduction Even when provided with direct physical access to the network (client hands you a LAN cable), some security assessments may… Lire la suite →
immunIT et ses partenaires ont le plaisir de vous annoncer la 1ère édition de l’immuniDay! Une journée axée autour des dernières innovations en matière de sécurité informatique. Où? Hôtel Warwick,… Lire la suite →
Ça déménage chez immunIT ! Afin d’accompagner notre croissance, nous nous sommes installés dans de nouveaux locaux le 1er mai 2022. Un déménagement qui permet à la société d’accueillir de… Lire la suite →
The pandemic has increased the use of collaborative tools. Microsoft Teams is no exception: the number of daily active users increased 4 fold between March and October 2020 to reach… Lire la suite →
Hello hardware hacker community, As you probably know, we have publicly released the first version of our hardware exploration tool : the Octowire. You can shop it now at :… Lire la suite →
Vulnerability Summary Due to discrepancies between the specifications of httpd and Tomcat for path resolution, Apache mod_jk Connector 1.2.0 to 1.2.44 access controls to endpoints defined by a JkMount httpd… Lire la suite →
Hi everyone, Today, I will introduce you to a new tool, developed for the sake of one of our pentesting engagement, named XIP. XIP claims to provide an efficient way… Lire la suite →
Vulnerability Summary Cisco Meeting Server (CMS) is bundled with the coturn open source TURN server, which implements RFC 6062. This RFC adds TCP proxying capabilities to the TURN protocol, which… Lire la suite →