14 February 2018

We found a backdoor that uses network sniffing to provide a reverse shell. Additionally, it fully encrypts and integrity-checks its network traffic with session keys. It was first presented at GoSec 2017 in Montreal and was found using a new SSH honeypot tool.

This backdoor was first used in 2012 as part of the 'sebd' rootkit but appears to have been reactivated as part of a growing botnet.


31 January 2018

Last Saturday, January 27th, the New York Times published a detailed article on the sale of automated likes and follows by an American company called Demuvi. The article relates to the research we've conducted on the Linux/Moose botnet and the ego market it thrives in. This blog post contextualizes the New York Times article with our own experience.


24 January 2018

This article is an opinionated essay on why you should be using Kotlin to build Burp extensions. It provides an overview of the main language features with code samples.

10 January 2018

The latest VMware Horizon vulnerability comes through an attack vector that shouldn't be overlooked: bad Windows process handle management. In this article, you will find all the details of CVE-2017-4946, which was discovered and exploited by Martin Lemay during a pentest engagement.