More than a game or a competition

Much like sporting competitions, symbolised by fair play, respect and team cohesion, electronic tournaments now occupy an important place in the life of communities. Across e-sports and other disciplines alike, fair play is not always on the agenda, but good spirits are usually the order of the day, as is a shared mindset: progressing in many areas and pushing back the limits...

Read more


Hack in Paris – The backstage

Welcome, reader of this paper. Come with us and live Hack in Paris as we did! Discover the backstage of this event. Let's shed some light on the shadowy side of this week...

Read more


FOG is a free, open source computer cloning and management solution.
We found several vulnerabilities in FOG: a SQL injection (CVSS 9.3) and an unauthenticated remote command execution vulnerability (CVSS 10).
As a workaround, the vendor recommends using the beta/development builds instead of the 1.2.0 stable release.

Read more


Several XSS vulnerabilities have been found on several pages of the administration panel. A reflected XSS may lead to session hijacking of an admin user.

Several vulnerabilities were discovered between October 2015 and February 2016.
The reported vulnerabilities are similar to those previously discovered by hyp3rlinx, although they affect different pages.
In brief, the flaws are of the following kinds: CSRF, XSS (reflected and stored), file upload and information disclosure. Most of them require administrative access to the web application and may lead to personal information leakage or account takeover.

Read more


Horsys is a human resources application that lets users manage their profile, vacation, job title and other personal data such as address and phone number.
The application runs on Windows and launches a web server. This product is developed by the Asys company.
We found that it is affected by several vulnerabilities, which can lead to personal information leakage or account takeover.

Read more


You wish to know more about the qualified teams? So did we.
That's why we asked them to tell us more about themselves. And here we go. Every year, Sysdream partners with the Nuit Du Hack to run the private CTF. First, teams qualify during the #ndhquals, a 24-hour CTF. They compete to earn a place in the Private CTF: an amazing night where they face a fully dedicated environment in an attack-defense game.

Read more



A vulnerability has been found in the iThemes Security backup function that may allow attackers to gain access to backup/log files.

By default, when using the "database backup on filesystem" feature, iThemes Security saves the backup files in a directory that the web server serves to anyone:
wp-content/uploads/ithemes-security/backups

The .htaccess file is generated during the plugin's initial setup/update, but only if wp-content/uploads/ithemes-security/backups (or wp-content/uploads/ithemes-security/logs) already exists. Note that it does NOT exist by default.

When a backup runs, the ITSEC_Backup class creates the directory, but without any .htaccess file inside it. The same happens when logs are saved.

If the web server has directory listing enabled, anybody can download the complete database backup or read the log files. Even without listing, nothing blocks a direct request for a file whose name can be guessed, since no .htaccess denies access.
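As an added example (not the plugin's own code or the advisory's), the following POSIX shell functions audit the two directories named above for a deny-all .htaccess and write one where it is missing, so that a later backup or log write lands in an already-protected directory. The directory paths come from the advisory; the function names and the .htaccess contents are ours. It assumes an Apache web server that honours .htaccess files (AllowOverride); nginx ignores them entirely, so on nginx the equivalent deny rule belongs in the server configuration instead.

```shell
#!/bin/sh
# Added hardening check for the iThemes Security backup/log directories.
# Not part of the plugin. Assumes Apache with AllowOverride enabled so that
# a .htaccess file in the directory is actually enforced.

# Relative paths the plugin writes to under the WordPress root (from the advisory).
ITSEC_DIRS="wp-content/uploads/ithemes-security/backups wp-content/uploads/ithemes-security/logs"

# itsec_dir_protected DIR
#   Returns 0 if DIR contains a .htaccess with a deny-all directive
#   (Apache 2.2 "Deny from all" or Apache 2.4 "Require all denied"), 1 otherwise.
itsec_dir_protected() {
  dir=$1
  ht="$dir/.htaccess"
  [ -f "$ht" ] || return 1
  grep -Eiq '^[[:space:]]*(Deny[[:space:]]+from[[:space:]]+all|Require[[:space:]]+all[[:space:]]+denied)' "$ht"
}

# itsec_protect_dir DIR
#   Creates DIR if needed and writes a deny-all .htaccess covering both
#   Apache 2.2 and 2.4 authorization syntax. Only Deny/Require directives are
#   used (no "Options -Indexes") so it cannot trigger a 500 when AllowOverride
#   does not include Options.
itsec_protect_dir() {
  dir=$1
  mkdir -p "$dir"
  cat > "$dir/.htaccess" <<'EOF'
# Block direct HTTP access to backup/log files (added hardening, not the plugin's own file)
<IfModule mod_authz_core.c>
  Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
  Order deny,allow
  Deny from all
</IfModule>
EOF
}

# itsec_audit WPROOT
#   Prints one status line per directory and returns the number of directories
#   that exist but are not protected ("absent" directories are not counted:
#   they will be created unprotected by the next backup, so protect them too).
itsec_audit() {
  root=$1
  bad=0
  for rel in $ITSEC_DIRS; do
    d="$root/$rel"
    if [ ! -d "$d" ]; then
      echo "absent   $rel"
    elif itsec_dir_protected "$d"; then
      echo "ok       $rel"
    else
      echo "EXPOSED  $rel"
      bad=$((bad + 1))
    fi
  done
  return "$bad"
}

# Usage (adjust the path to the WordPress root):
#   itsec_audit /var/www/html
#   for rel in $ITSEC_DIRS; do itsec_protect_dir "/var/www/html/$rel"; done
```

Run the audit once against the WordPress root; a non-zero exit status means at least one existing directory is served without a deny rule. Protecting both directories pre-emptively is safe because the plugin only needs the directory to exist when it writes, and a directory that already carries a deny-all .htaccess stays protected. Verify the result from outside with a plain HTTP request to the backups path, which should now return 403 rather than a listing or a file.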

Read more


Every year, at the same time, we run one crazy night: the #ndhquals. This night is about becoming one of the 10 teams that qualify for the Nuit du Hack Private CTF. During this CTF, contestants are challenged by our team, but also by each other. Monitoring, chatting on IRC, eating pizza and having fun shooting each other with Nerf guns are not the only events of that night. Our team prepares for months to provide you with the cleanest CTF possible, with tricky/funny/hard and easy challenges. This year, Sysdream tried something new: a brand new organisation for the "Project NDH". New teams, new team leaders, new infrastructure, new test process: we are building a more professional CTF.

Read more