04 October 2018

This study maps the different actors involved in the supply chain behind the market for fake "likes": from botnets to reseller panels and customer-facing sellers. The findings are part of a two-year-long investigation that attempts to understand a botnet’s operations in its economic context: the industry of social media fraud. They will be presented at the Virus Bulletin conference, taking place in Montreal on October 3rd and 5th, 2018.

 

April 21, 2016

As penetration testers, we rarely have to find ‘zero day’ vulnerabilities or perform ‘bug hunting’ in order to compromise Windows Active Directory Domains. However, in one of these rare cases, while performing an internal penetration test for a client, we had to do so. Lansweeper is inventory software that scans your network in order to gather system information such as patch level, network interfaces, resource status, etc. We were fairly surprised during this test when we were able to access Lansweeper 5's dashboard with a regular user account.

April 05, 2016

AtlSecCon is almost there! Philippe and I are pretty excited to be speaking there this year!

March 22, 2016

As a follow-up to the talk given at Confoo a few weeks ago, we are writing a focused article on the same topic. The presentation gave an overview of modern XSS attack vectors and filter bypasses. In this blog post, we will take a closer look at XSS in the context of .NET applications.

This article is intended to be a simple checklist for ASP.NET MVC developers or security auditors. Defensive measures can be put in place at various layers, including the template files (Razor or ASPX Forms), the Request Validation feature and the client-side (browser) filters.