What's new at Sysdream?


WordPress iThemes Security (Better WP Security) Insecure Backup/Logfile Generation (predictable filename)

When using the "database backup/logging on filesystem" feature, iThemes Security generates a weak filename, allowing attackers to obtain the backup/log file if they know when it was generated (timestamp).

Read more


WordPress iThemes Security (Better WP Security) Insecure Backup/Logfile Generation (access rights)

A vulnerability has been found in the iThemes Security backup function that may allow attackers to gain access to backup/log files.

By default, when using the "database backup on filesystem" feature, iThemes Security saves the backup files in a world-readable directory:
wp-content/uploads/ithemes-security/backups

The .htaccess file is generated during the plugin's initial setup/update, and only if the wp-content/uploads/ithemes-security/backups directory (or wp-content/uploads/ithemes-security/logs) exists. Note that it does NOT exist by default.

When running a backup, the ITSEC_Backup class creates the directory but does not place any .htaccess file inside it. The same thing happens when logs are saved.

If the webserver has directory listing enabled, then anybody can download the complete database backup or view the log files.

Read more


#ndhquals - The story of an amazing and crazy night

Every year, at the same period, we run one crazy night: the #ndhquals. This night is about being one of the 10 teams who qualify for the Nuit du Hack Private. During this CTF, contestants are challenged by our team, but also by each other. Monitoring, chatting on IRC, eating pizza and having fun shooting each other with Nerfs are not the only events that night. Our team prepares for months to provide you with the cleanest CTF possible, with tricky/funny/both hard and easy challenges. This year, Sysdream tried something new! A brand new organization for the “Project NDH”. New teams, new team leaders, new infrastructure, new test process: we are building a more professional CTF.

Read more


Hack in Paris 2016 - Selected Trainers

We were proud to announce the speakers to you; we are now honored to present the trainers!
Your patience has been rewarded! Booking for the #HIP16 trainers is finally open!

Read more