Why So Serious? The Joker returns to the Google Play Store

Several researchers have revealed that applications available on the Google Play Store contain a malicious program from the Joker family. Joker is malware, first identified in 2019, that seeks among other things to steal SMS messages and to subscribe its victims to premium services. This type of application is part of the family […]
Identity theft: Causes and Consequences of a Dreadful Threat

The mathematician Jean Sylvain Bailly had no idea how relevant this sentence would still be today. Cybercriminals, for their part, seem to have taken it fully on board. Data breaches are one of the most active trades on some dark web forums, and identity theft is undoubtedly among the most lucrative. Whether in an organized gang […]
When Java fails, the world shivers

On the 24th of November 2021, Alibaba security researcher Chen Zhaojun reported the vulnerability now known as CVE-2021-44228. Log4j is an open-source Java logging library deployed in cloud services and in companies’ software. Since the 10th of December, “Log4Shell” has been covered by every cyber security news outlet. Such notoriety is explained by its CVSS score of 10, the maximum. It […]
Cyber Gangs, the mafias of the future?

When it comes to innovation, cybercriminal gangs are known to be particularly gifted. Some come close to “genius”, so elaborate, innovative and ingenious are their tools. But these gangs also know how to evolve their tactics and, more recently, their organizational structures. Some behave like true multinational companies and, as in all such organizations, […]
Zerologon Vulnerability

A vulnerability named Zerologon, numbered CVE-2020-1472, was made public on August 11, 2020 by Microsoft [1]. It affects MS-NRPC [2] (the Netlogon Remote Protocol), a protocol required for the proper operation of a Microsoft domain and used by domain controllers (RODCs [3] included). On September 11, 2020, exploit code and a white paper associated with […]
SIGRed vulnerability

A vulnerability named SIGRed, numbered CVE-2020-1350, was discovered in May 2020 by the Check Point Research team. Risks: remote code execution, server compromise, data exfiltration. Affected systems: the following server versions are affected when the DNS Server role is enabled: Windows Server 2008 for 32-bit Systems Service Pack 2, Windows Server 2008 for […]
UPnP CallStranger vulnerability

A new critical vulnerability, CallStranger (CVE-2020-12695), has been detected in the UPnP (Universal Plug and Play) protocol, which is implemented by the majority of Internet of Things (IoT) devices. Risks: remote code execution, data exfiltration, involuntary participation in a DDoS attack. Affected systems: list of systems, currently being updated, whose vulnerability is confirmed: Windows 10 […]
RCE on PRTG Network Monitor – TEHTRIS PENTEST

Earlier this year, a TEHTRIS team was mandated to conduct a remote pentest. The maturity level of the audited information system did not allow any vulnerability directly exposed on the Internet to be identified. TEHTRIS then decided to dig deeper into the only accessible component, the web interface of a well-known network monitoring software […]
Windows Type 1 Font Parsing RCE Vulnerability – Microsoft ADV200006

On the 23rd of March 2020, Microsoft released an important security advisory (ADV200006) concerning two critical flaws allowing remote code execution (RCE). These flaws exist in the way the Windows Adobe Type Manager Library improperly handles specially crafted fonts. They can be exploited by opening a malicious file containing one of these […]
CVE-2020-0601 / VULNERABILITY IN THE CRYPTOAPI OF WINDOWS (CRYPT32.DLL)

A spoofing vulnerability has been discovered in the way the Windows cryptographic library (crypt32.dll) validates elliptic curve cryptography (ECC) certificates. Successful exploitation of this flaw could enable “man-in-the-middle” (MitM) attacks or the decryption of confidential data. Only Windows 10, Windows Server 2016 and Windows Server 2019 are affected by this vulnerability. Execution of a Trojan horse signed […]