Several XSS vulnerabilities have been found on several pages of the administration panel. A reflected XSS may lead to session hijacking of an admin user.

Several vulnerabilities have been discovered between October 2015 and February 2016.
The reported vulnerabilities are similar to those previously discovered by hyp3rlinx, although they concern different pages.
In brief, the flaws are of the following kinds: CSRF, XSS (reflected and stored), file upload and information disclosure. Most of the vulnerabilities require administrative access to the web application and may lead to personal information leakage or account takeover.



Horsys is a human resources application that lets users manage their profile, vacation, position title and other personal data such as address, phone number and so on.
The application runs on Windows and launches its own web server. This product has been developed by the Asys company.
We found that it is affected by several vulnerabilities, which can lead to personal information leakage or account takeover.



You wish to know more about the qualified teams? So did we.
That's why we asked them to tell us more about themselves. And there we go. Every year, Sysdream partners with the Nuit Du Hack to run the private CTF. First, the teams qualify during the #ndhquals, a 24-hour CTF. They compete to earn a place in the Private CTF. That one is an amazing night, where they are confronted with a fully dedicated environment in an attack-defense game.




A vulnerability has been found in the iThemes Security backup function that may allow attackers to gain access to backup/log files.

By default, when using the "database backup on filesystem" feature, iThemes Security saves the backup files in a web-accessible directory:
wp-content/uploads/ithemes-security/backups

The .htaccess file is generated during the plugin's initial setup/update, and only if wp-content/uploads/ithemes-security/backups (or wp-content/uploads/ithemes-security/logs) already exists. Note that it does NOT exist by default.

When running a backup, the ITSEC_Backup class creates the directory, but without any .htaccess file inside it. The same thing happens when logs are saved.

If the web server has directory listing enabled, anybody can then list the directory and download the complete database backup or view the log files. Even without directory listing, a backup whose filename can be guessed remains downloadable.
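The following POSIX shell script is an added example, not code from iThemes Security or from the original advisory. It audits a WordPress install for the situation described above (a backups or logs directory that exists without a .htaccess) and, optionally, drops a deny-all .htaccess into it. The two directory paths are the defaults named in the advisory; the .htaccess contents are a generic Apache deny rule written for this example, not the rule the plugin itself generates.

```shell
#!/bin/sh
# Added example: audit/fix the unprotected iThemes Security directories.
# Assumption: default plugin paths under the WordPress root given as $1.

# Print each iThemes directory under the WordPress root that exists but
# has no .htaccess (i.e. the state left behind by ITSEC_Backup / log saving).
itsec_unprotected_dirs() {
    wp_root="$1"
    for d in "$wp_root/wp-content/uploads/ithemes-security/backups" \
             "$wp_root/wp-content/uploads/ithemes-security/logs"; do
        if [ -d "$d" ] && [ ! -f "$d/.htaccess" ]; then
            printf '%s\n' "$d"
        fi
    done
}

# Write a deny-all .htaccess (Apache 2.2 and 2.4 syntax) into every
# unprotected directory reported above, and switch off directory indexes.
itsec_protect_dirs() {
    itsec_unprotected_dirs "$1" | while IFS= read -r d; do
        cat > "$d/.htaccess" <<'EOF'
# Block direct web access to database backups / log files
<IfModule mod_authz_core.c>
    Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
</IfModule>
Options -Indexes
EOF
        printf 'protected: %s\n' "$d"
    done
}

# Demo on a constructed directory tree (no real WordPress install needed):
# the backups directory was created by a backup run and has no .htaccess,
# the logs directory was created at setup time and already has one.
demo() {
    root="$(mktemp -d)"
    mkdir -p "$root/wp-content/uploads/ithemes-security/backups" \
             "$root/wp-content/uploads/ithemes-security/logs"
    : > "$root/wp-content/uploads/ithemes-security/logs/.htaccess"
    : > "$root/wp-content/uploads/ithemes-security/backups/backup-2016.sql"

    echo "Unprotected before fix:"
    itsec_unprotected_dirs "$root"
    itsec_protect_dirs "$root"
    echo "Unprotected after fix: $(itsec_unprotected_dirs "$root" | wc -l | tr -d ' ')"
    rm -rf "$root"
}

demo
```

Run it against a real install with `itsec_unprotected_dirs /var/www/html`; if it prints anything, the corresponding directory is served without protection and, with directory listing on, its contents can be enumerated. A .htaccess only helps on Apache with `AllowOverride` enabled; on nginx or with overrides disabled, the equivalent deny rule must go into the server configuration.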



Every year, at the same period, we run one crazy night: the #ndhquals. This night is about becoming one of the 10 teams that qualify for the Nuit du Hack Private CTF. During this CTF, contestants are challenged by our team, but also by each other. Monitoring, chatting on IRC, eating pizza and having fun shooting each other with Nerf guns are not the only events of that night. Our team prepares for months to provide you with the cleanest CTF possible, with tricky, funny, hard and easy challenges. This year, Sysdream tried something new: a brand new organization for the "Project NDH". New teams, new team leaders, new infrastructure, new test process; we are building a more professional CTF.




Cyber security covers all the measures taken to protect against attacks and to know how to respond to them. Data theft, hacked systems, diverted bank cards, defaced websites, interrupted production: today nearly 1% of world GDP is lost to cyber attacks ...



We received so many really good #CFP submissions! Thanks to all of you who submitted. It was very tough to decide, but we had to make a decision.

We are proud to present the 15 #speakers selected for #HIP16! Again, thanks to all of you! #thankyou
