Technical Corner

Searching for vulnerabilities in IoT devices: Case of CVE-2022-46527 (Part 2)

This article is the second part of case study CVE-2022-46527 and will discuss the discovery of the vulnerability and a proof of concept leading to a crash

Read this article

Author

CyberForce Offensive Security Team

Published on

26 June 2023

Cybersecurity Technical Corner

Searching for vulnerabilities in IoT devices: Case of CVE-2022-46527 (Part 1)

Setting up the environment to scan IoT devices for vulnerabilities: Case of CVE-2022-46527

Read this article

Author

CyberForce Offensive Security Team

Published on

14 March 2023

Cybersecurity Technical Corner

Exploiting CVE-2018-5093 on Firefox 56 and 57 – PART2: gaining code execution

How to exploit the vulnerability in Firefox 56 and 57 to get code execution

Read this article

Author

CyberForce Offensive Security Team

Published on

19 September 2022

Cybersecurity Technical Corner

Exploiting CVE-2018-5093 on Firefox 56 and 57 – PART1: controlling the instruction pointer

Find out how to take advantage of the whole underflow vulnerability on Firefox 56 and 57

Read this article

Author

CyberForce Offensive Security Team

Published on

04 July 2022

Cybersecurity Technical Corner

Adversary simulation exercise: when real-life meet business

This article is short story telling about one adversary simulation exercise we (POST CyberForce Offensive Security) performed.

Read this article

Author

CyberForce Offensive Security Team

Published on

08 March 2022

Cybersecurity Technical Corner

iOS Wi-Fi Demon: From iOS Format String to Zero-Click RCE

You might have seen the recent bug in iOS 14.0 to 14.4, that crashed the Wi-Fi service by naming an access point a specific way. Apple tagged this bug as a Denial of Service on the Wi-Fi service, but the Zecops [1] Research Team has shown proofs that it could be exploited, causing an RCE, and more precisely a Zero-Click RCE.

Read this article

Author

CyberForce Offensive Security Team

Published on

07 September 2021

Cybersecurity Technical Corner

Anatomy of a Red-Team exercise - Chapter 3

As discussed in previous scenario, we prepared several raspberry devices with a 4G modem, allowing us to remotely control the device without requiring being in proximity for operation.

Read this article

Author

CyberForce Offensive Security Team

Published on

29 June 2021

Cybersecurity Technical Corner

Anatomy of a Red-Team exercise - Chapter 2

Prior any actions, we focused on the payload crafting that will be used with our attack scenarios. We decided to go for PowerShell stageless reverse HTTPS payload that will be delivered using HTA dropper and then executed on the target machine.

Read this article

Author

CyberForce Offensive Security Team

Published on

20 April 2021

Cybersecurity Technical Corner

Anatomy of a Red-Team exercise - Chapter 1

A Red Team engagement can be shortly described as a real-life targeted attack simulation. As a threat actor, it uses a blended approach through several facets of social engineering, physical intrusion, application/network penetration testing, targeted phishing campaign… simultaneously to reach some pre-defined objectives.

Read this article

Author

CyberForce Offensive Security Team

Published on

22 March 2021

Products & services

Telecom & ICT

Courrier

Finance

Your needs

Blog

Articles