La Nuit du Hack s’est déroulée du 24 au 25 Juin 2017. L’événement, qui accueillait cette année 2000 participants, a encore une fois été ponctué par différents challenges qui se sont succédés tout au long de la nuit. Parmi eux, un CTF privé créé et encadré par Sysdream. Retour sur ce dernier challenge phare de la 15e édition de la Nuit du Hack.

Lire la suite





After this intensive 24 hours of competition, some of you released very good writeups. We would like to complete this by adding the missing one and give a solution to those who are still waiting for them.

Lire la suite


Organisé par Sysdream, l’événement Hack In Paris réunit, du 19 au 23 juin 2017, les grands noms de la sécurité informatique et des experts techniques, autour de formations et de conférences exclusivement en anglais.

Cet événement international, dédié aux professionels, se tiendra cette année au centre de convention de l'Hôtel New Port Bay - Disneyland Paris.

Lire la suite



EyesOfNetwork ("EON") is an OpenSource network monitoring solution.

We found an SQL injection vulnerability in the authenticated part of the application.

Successful exploitation would lead to a complete database dump by any logged user, even with low privileges, thus exposing confidential data.

Lire la suite


EyesOfNetwork ("EON") is an OpenSource network monitoring solution.

We found a vulnerability caused by incorrect filtering of inbound parameters of the Web component.

It leads to remote code execution. In other words, an attacker exploiting this vulnerability could retrieve a remote shell (e.g. /bin/bash) on the operating system of the target.

Lire la suite


We found vulnerabilities on Riverbed appliance, and specifically in the way the secure vault is protecting TLS private keys.

Such appliances are often found in sensitive environments, where they compress network traffic between end-points. When communications are protected with TLS, such appliance need to decrypt the traffic with the server's private key. Basically, they intercept the traffic in a Man-in-The-Middle position.

Thus, private key storage confidentiality and integrity is critical.

Riverbed

Lire la suite