TEHTRI-Security RSS
http://www.tehtri-security.com
TEHTRI-Security : Technology, Ethical, Hacker, Trust, Robust, Information, Security
TEHTRI-Security
en

Gmail App Security Issues on iPhone/iPad/iPod
http://blog.tehtri-security.com/2012/01/gmail-app-security-issues-on.html
Sat, 28 Jan 2012 12:00:00 +0100
TEHTRIS published humble thoughts related to vulnerabilities of Gmail App for iPhone/iPad/iPod. Emails, contacts, etc, are cached in cleartext on the i-device. Moreover, authentication data, like some famous cookies, are not stored through secure Keychains capabilities, which can lead to Gmail hijacking issues. Read our blog for more information. By the way, many applications from the Apple Store are vulnerable.
TECH

CERT VU#584363: Zenprise Device Manager CSRF / Powning a GSM fleet
http://www.kb.cert.org/vuls/id/584363
Fri, 21 Nov 2011 18:00:00 +0100
The US-CERT released a vulnerability note VU#584363 explaining that the Zenprise Device Manager software is susceptible to a cross-site request forgery (CSRF) vulnerability that may result in the compromise of the fleet of mobile devices managed by the product. Thanks to our exploits, a skilled attacker could take control of a complete fleet of iPad, BlackBerry, Android, iPhones, Windows Mobile, Symbian, etc. Some of our exploits could lead to a shred of the whole fleet of devices. Others could help spy on the end-users of these phones and tablets. According to TEHTRI-Security, many big companies using Mobile Device Management tools could be attacked through these kinds of vectors, because of a lack of skilled technical penetration tests.
TECH

CVE-2011-3434: Our vuln was patched by Apple - iOS 5 Software update
http://support.apple.com/kb/HT4999
Thu, 13 Oct 2011 10:00:00 +0100
TEHTRI-Security found a vulnerability on iPod/iPhone/iPad [CVE-2011-3434]. Indeed, WiFi credentials were logged to a local file, including passphrases and encryption keys. This was readable by applications on the system.
Apple resolved this problem by avoiding logging these credentials. You should definitely update your devices. This patch is available for iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad. We only shared complete issues with Apple support. Some details were shared with our attendees of SyScan Singapore 2011 and HITB Amsterdam 2011. If you want more 0days and exploits, you should definitely register for our next trainings (BlackHat AD, HITB India, etc).
TECH

SPIP recently fixed 2 vulnerabilities notified by Tehtri-Security (0day)
http://www.spip-contrib.net/SPIP-1-9-2k-2-0-16-2-1-11-et-3-0-0-beta-disponibles
Sat, 1 Oct 2011 11:50:00 +0100
Our CTO, Laurent ESTIEUX, discovered two vulnerabilities in a well-known CMS product named SPIP: a local path disclosure (all SPIP versions) + an SQL injection (SPIP 1.9.2 branch). As Tehtri-Security is engaged in a responsible disclosure policy, technical information was sent to the SPIP-Team for fixes. SPIP is now patched and the latest version can be downloaded at http://www.spip.net/en_article5265.html
TECH

New Event HITBGSEC 2012 + New Training about Strategic Cyber Attacks
http://gsec.hitb.org/?p=134
Thu, 22 Sep 2011 11:30:00 +0100
Join us at India's Premier Global IT Security Conference next year. This will definitely be the place to be with some of the most influential thinkers in the security industry and India's leading CxO's. There, we will give a tremendous new training, called "Strategic cyber attacks, Advanced Persistent Threats and beyond". This will be the time to show and explain why every sensitive place gets hacked in this cyber world, and how attackers work to steal data or destroy infrastructures. More information in the future. Stay tuned...
DATE

0days found in software used by banks, telcos, military, airports...
http://www.tehtri-security.com
Tue, 20 Sep 2011 20:00:00 +0100
During a penetration test, TEHTRI-Security found local and remote security issues in a product that is currently used to ensure 24x7 availability and load balancing for military applications, as well as high availability in airports for air traffic control, plus banking or medical services, etc. As we created 0days that could be used to attack all those networks, we directly contacted the vendor to improve the security of their customers. With our exploits, the final effect could be remote admin access on the infrastructure.
TECH

Mobile Device Management Vulnerabilities (0days)
http://en.wikipedia.org/wiki/Mobile_device_management
Tue, 13 Sep 2011 15:30:00 +0100
To handle the awesome use of smartphones, large-scale companies and organizations came to MDM, Mobile Device Management. This allows them to manage, monitor and secure a mobile fleet (more or less easily). Trouble might happen when remote attackers get illegal access to the MDM, as this could lead to opportunities like locating employees, wiping phones/tablets, stealing data, etc. We recently discovered multiple vulnerabilities (0days) in some MDM clients and servers. To give an example, we found security flaws on iPhone/iPad clients, and on the control panel of some MDM products (stealing remote credentials, XSRF, LDAP injection, remote wipe of the entire fleet, network protocol issues, etc). We strongly recommend launching advanced technical penetration tests and creating an architecture that might apply containment and detection to follow potential future intruders.
TECH

Facebook Security Issues through HTML Iframes
http://www.facebook.com/pages/TEHTRI-Security/287375552822?sk=app_190322544333196
Mon, 12 Sep 2011 15:30:00 +0100
Evil Facebook users could craft special web pages on facebook.com/* in order to abuse some end-users, thanks to the use of Iframe loading external web resources.
This could potentially lead to privacy issues, phishing attempts, XSS/CSRF and client-side attacks. We shared humble demonstrations as proofs of concept.
TECH

Google silently fixed our privacy vulnerability in Google+ app for iPhone
http://blog.tehtri-security.com/2011/08/googleplus-reader-privacy-checker.html
Sat, 10 Sep 2011 11:00:00 +0100
Google patched its Google+ App for iPhone (6th Sep 2011). They silently fixed the privacy vulnerability explained on our blog. Upgrade to version 1.0.3.2124 if you want to avoid attacks with evil G+ profiles that can either track you or play with client-side weapons against your phone.
TECH

Facebook silently fixed our vulnerability shown at HITB Amsterdam 2011
http://fb.com/iphone/
Sun, 21 Aug 2011 14:30:00 +0100
We recently discovered that Facebook patched its iPhone App without sharing any credit and without any advisory. They just silently fixed a vulnerability found by TEHTRI-Security. This one was only shared with the attendees during our talk at HITB Amsterdam 2011. And the proof of concept was only shared with Facebook and Apple support. Apple recently told us that the vulnerability was fixed by Facebook around July. This explains why we had no news from Facebook. Disclose or not disclose, that's not a question, anymore.
TECH

GooglePlus Reader Privacy Issue
http://blog.tehtri-security.com/2011/08/googleplus-reader-privacy-checker.html
Sat, 13 Aug 2011 21:00:00 +0100
Some Google Plus readers might reveal technical information and IP addresses while reading specially crafted G+ profiles with malicious behaviors. This could be used to commit targeted attacks against some G+ end users or to track them.
More information on our blog.
TECH

TEHTRI-Security slides from HITB Amsterdam 2011
http://conference.hackinthebox.org/hitbsecconf2011ams/materials/D1T2%20-%20Laurent%20Oudot%20-%20Extracting%20Senstive%20Data%20from%20Your%20iPhone.pdf
Thu, 19 May 2011 16:30:00 +0100
Our slides from HITB Amsterdam 2011 are now available on the HITB web site. We gave examples of new concepts of attacks in the iPhone world. For example we explained how phishing attacks could be done with telephone calls, and how to hijack a local application of the iPhone (with a demo where we have stolen the Facebook password, or Twitter or Paypal...). We also played with new fuzzing possibilities that helped crash some applications (Facebook, Twitter). Finally, we gave a proof of concept to do a remote detection of a jailbroken device... We got much positive feedback and many questions by email, etc.
TECH

TEHTRI-Security slides from SyScan Singapore 2011
http://www.tehtri-security.com/SYSCAN-SG-2011_OUDOT-TEHTRI-Security.pdf
Fri, 29 Apr 2011 22:20:00 +0100
Feel free to read our slides from SyScan Singapore 2011. It's all about hacking stuff like web clients, smartphones, etc. We also explained our tricks to hack the famous iPhone file called consolidated.db thanks to TRIGGERS, which is now used by other researchers.
TECH

Disable iPhone Tracking with SQL TRIGGERS in consolidated.db
http://blog.tehtri-security.com/2011/04/disabling-iphone-tracking-do-it.html
Mon, 25 Apr 2011 22:40:00 +0100
Quick notes related to iPhone location tracking and how to hack the infamous consolidated.db file thanks to SQL TRIGGERS injected inside it. More information available through our Blog. Join us at SyScan Singapore this week, or at HITB Europe next month.
TECH

Check the security of your BlackBerry
http://blog.tehtri-security.com/2011/03/quick-blackberry-security-check.html
Sat, 19 Mar 2011 12:00:00 +0100
Come and try our quick security checker for your BlackBerry device.
Just point your BlackBerry browser to http://tehtris.com/bbcheck and read the results. More information available through our Blog.
TECH

About iPhone iOS 4.3 Personal Hotspot
http://blog.tehtri-security.com/2011/03/about-iphone-ios43-personal-hotspot.html
Mon, 7 Mar 2011 12:50:00 +0100
Tiny security advisory plus technical thoughts related to a quick test made with the iPhone iOS 4.3 that should be available soon.
TECH

Slides from our latest talk -BlackHat DC 2011- available: "Inglourious Hackerds, targeting web clients"
http://bit.ly/f0imUg
Sun, 23 Jan 2011 06:50:00 +0100
Read the very latest version of our slides from our talk at BlackHat DC 2011, dealing with attacks against web clients, especially RIM, Apple, HTC and Google stuff, but not only.
TECH

Gartner.com: If A Toy Breaks in a Work Forest, Will The Toy Vendor Hear a Noise and Fix It?
http://blogs.gartner.com/john_pescatore/2011/01/20/if-a-toy-breaks-in-a-work-forest-will-the-toy-vendor-hear-a-noise-and-fix-it/
Fri, 21 Jan 2011 07:46:00 +0100
Gartner: thoughts related to TEHTRI-Security talk at BlackHat Washington DC, "Inglourious Hackerds, Targeting Web Clients".
NEWS

NetworkWorld.com: Is retaliation the answer to cyber attacks?
http://www.networkworld.com/news/2011/012011-retaliation-answer-cyber-attacks.html
Fri, 21 Jan 2011 07:45:00 +0100
NetworkWorld: new article dealing with TEHTRI-Security talk at BlackHat Washington DC, "Inglourious Hackerds, Targeting Web Clients".
NEWS

NetworkWorld.com: Mobile device makers react differently to attack info, researcher says
http://www.networkworld.com/news/2011/011911-black-hat-mobile-attacks.html
Fri, 21 Jan 2011 07:44:00 +0100
NetworkWorld: new article dealing with TEHTRI-Security talk at BlackHat Washington DC, "Inglourious Hackerds, Targeting Web Clients".
NEWS

Client-Side Attack: Upgrade your BlackBerry devices
http://www.blackberry.com/btsc/KB24841
Wed, 19 Jan 2011 18:10:00 +0100
TEHTRI-Security found a vulnerability on BlackBerry devices.
This security issue was patched by RIM, with an official advisory displayed recently on their site. Basically, when a BlackBerry device user browses to a malformed web page, the BlackBerry browser application consumes sufficient resources to make the BlackBerry device appear unresponsive. Check CVE-2010-2599.
TECH

BlackHat DC 2011: 0days and exploiting web clients
http://blog.tehtri-security.com/2011/01/blackhat-dc-2011-inglourious-hackerds.html
Wed, 19 Jan 2011 10:15:00 +0100
TEHTRI-Security gave a talk yesterday during BlackHat Briefings in Washington DC. We explained how we found some 0days against some devices (Apple, RIM, Android, HTC...) with client-side attacks. We got an awesome surprise for the attendees, with experts from RIM who came and explained how they mitigated the vulnerability we found, thanks to a worldwide patch, etc.
DATE

Safari Patch released by Apple with Credits to TEHTRI-Security
http://support.apple.com/kb/HT4455
Tue, 4 Jan 2011 07:05:00 +0100
CVE-ID: CVE-2010-1752, Available for: Safari 5.0.3 and Safari 4.1.3, on platforms Windows 7, Vista, XP SP2 or later -- Description: A stack overflow exists in CFNetwork's URL handling code. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory handling.
TECH

New talk: BlackHat DC 2011 - "Inglourious Hackerds, Targeting Web Clients"
http://blackhat.com/html/bh-dc-11/bh-dc-11-briefings.html#Oudot
Thu, 2 Dec 2010 18:00:00 +0100
TEHTRI-Security will give a talk at the next BlackHat in Washington DC. Our briefing will be called "Inglourious Hackerds: Targeting Web Clients".
There, we will disclose many interesting tricks, exploits, 0days, etc, related to attacks that can occur against web clients for many devices and web browsers.
DATE

HITB - Advanced European Training : Hunting Web Attackers
http://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=274
Sat, 20 Nov 2010 14:00:00 +0100
TEHTRI-Security will propose this offensive training to help administrators and IT Security staff who want to hunt down web attackers. It will contain plenty of cutting-edge hands-on exercises and 0days. During HITB Malaysia 2010, we gave this training, and the room was almost full, with students from Fortune 500, Government Agencies, etc. So, register quickly and join us in Amsterdam, Netherlands, during Hack In The Box HITBSecConf 2011. There, we will release some of our self-defense cyber weapons with 0days...
DATE

MACOSX Patch released by Apple with Credits to TEHTRI-Security
http://support.apple.com/kb/HT4435
Thu, 11 Nov 2010 14:00:00 +0100
CVE-ID: CVE-2010-1752, Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4 -- Description: A stack overflow exists in CFNetwork's URL handling code. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking.
TECH

Security-Advisory: TEHTRI-SA-2010-032 - Security issue in BaiduSpider
http://www.baidu.com/search/spider.htm
Tue, 2 Nov 2010 11:11:00 +0100
TEHTRI-Security found security issues related to Baidu products. This one deals with Baiduspider. Baidu company contacted
TECH

Security-Advisory: TEHTRI-SA-2010-031 - 0day on Safari for Windows
http://www.apple.com/safari/
Sun, 24 Oct 2010 14:25:00 +0100
TEHTRI-Security found a stack overflow in Safari for Windows (latest version 5.0.2 - 7533.18.5) from Apple Inc. IT Security crew from Apple contacted with an example of exploit plus a description (Vulnerable DLL, etc).
This is a client-side attack against this web browser, without the interaction of the end-user (once the evil web page is loaded). No detail shared out of the Apple team.
TECH

New talk: Black-Hat Abu Dhabi 2010
http://blackhat.com/html/bh-ad-10/bh-ad-10-briefings.html#Oudot
Sat, 23 Oct 2010 20:25:00 +0100
TEHTRI-Security will be part of Black-Hat Abu Dhabi 2010 for a new talk called "Extrusion and Web Hacking". We will focus on real threats and security issues related to extrusion, by explaining how attackers try to get a stealth control or an evil interaction of a remote web resource (real life covert channel, stealth bounces, etc).
DATE

Security-Advisory: TEHTRI-SA-2010-030 - 0day on Android - App Gmail
http://developer.android.com/resources/faq/security.html
Fri, 22 Oct 2010 20:00:01 +0100
TEHTRI-Security Lab: Vulnerability found on Android product. Application: Gmail - com.google.android.gm. Google Security Team contacted.
TECH

Security-Advisory: TEHTRI-SA-2010-029 - 0day on Android - App Browser
http://developer.android.com/resources/faq/security.html
Fri, 22 Oct 2010 20:00:00 +0100
TEHTRI-Security Lab: Vulnerability found on Android product. Application: Browser - com.android.browser. Google Security Team contacted.
TECH

Credits from Apple
http://support.apple.com/kb/HT1318
Wed, 20 Oct 2010 18:00:00 +0100
TEHTRI-Security was recently added twice on an article that provides credit to people who have reported potential security issues in Apple.com web servers.
NEWS

New Training : Hunting Web Attackers
http://conference.hackinthebox.org/hitbsecconf2010kul/?page_id=274
Tue, 7 Sep 2010 14:00:00 +0100
TEHTRI-Security will give a new offensive training to help administrators and IT Security staff to hunt down web attackers, with plenty of cutting-edge hands-on exercises. So join us in Kuala Lumpur, Malaysia, during Hack In The Box HITBSecConf 2010.
We will release some of our self-defense cyber weapons with 0days there...
DATE

New Talk : Analyzing Massive Web Attacks
http://conference.hackinthebox.org/hitbsecconf2010kul/?page_id=1034
Tue, 7 Sep 2010 14:00:00 +0100
The goal of this talk is to have a deep look at some recent web attacks that occurred over the Internet, especially those that were used to target a huge number of people. Thanks to special forensics operations, we will be able to bring code used by attackers to get access, to keep control, and to commit cyber crimes. Place : Kuala Lumpur, Malaysia, HITBSecConf 2010.
DATE

CVE-2010-1752: TEHTRI-Security inside the iPhone iOS4
http://support.apple.com/kb/HT4225
Sat, 3 Jul 2010 08:33:00 +0100
TEHTRI-Security found a stack overflow in CFNetwork, through the code used to handle URLs. By visiting a maliciously crafted website, we found that it might lead to an unexpected application termination or arbitrary code execution. This issue has been addressed by Apple through improved memory handling. Apple has given credit to TEHTRI-Security on their site for reporting this issue, as we provided the 0day directly to them, so that the security of their customers could be improved. This has been released to the public for the first time during Hack In The Box Europe.
TECH

Security-Advisory: TEHTRI-SA-2010-028 - 0day on BlackBerry
http://conference.hitb.org/hitbsecconf2010ams/materials/D1T1%20-%20Laurent%20Oudot%20-%20Web%20in%20the%20Middle.pdf
Sat, 3 Jul 2010 08:32:00 +0100
During the first Hack In The Box conference in Europe, we have explained many security issues related to attacks against web clients in insecure environments. This particular advisory was about the BlackBerry. No technical detail was given to the public, so that the customers of this product might not be attacked because of our research.
Everything is in the hands of BlackBerry who are already working to fix this vulnerability.
TECH

Security-Advisory: TEHTRI-SA-2010-027 - 0day on HTC
http://conference.hitb.org/hitbsecconf2010ams/materials/D1T1%20-%20Laurent%20Oudot%20-%20Web%20in%20the%20Middle.pdf
Sat, 3 Jul 2010 08:31:00 +0100
During the first Hack In The Box conference in Europe, we have explained many security issues related to attacks against web clients in insecure environments. This particular advisory was about the HTC. No technical detail was given to the public, so that the customers of this product might not be attacked because of our research.
TECH

Security-Advisory: TEHTRI-SA-2010-026 - 0day on iPad
http://conference.hitb.org/hitbsecconf2010ams/materials/D1T1%20-%20Laurent%20Oudot%20-%20Web%20in%20the%20Middle.pdf
Sat, 3 Jul 2010 08:30:00 +0100
During the first Hack In The Box conference in Europe, we have explained many security issues related to attacks against web clients in insecure environments. This particular advisory was about the iPad. No technical detail was given to the public, so that the customers of this product might not be attacked because of our research. A live demo was given. Everything is in the hands of Apple who are already working to fix this vulnerability.
TECH

Security-Advisory: TEHTRI-SA-2010-029 - ThalysNet Insecure
http://conference.hitb.org/hitbsecconf2010ams/materials/D1T1%20-%20Laurent%20Oudot%20-%20Web%20in%20the%20Middle.pdf
Sat, 3 Jul 2010 08:29:00 +0100
During the first Hack In The Box conference in Europe, we have explained many security issues related to attacks against web clients in insecure environments. This particular advisory was about the ThalysNet Internet service offered to 500000 end users in Europe. This service has many vulnerabilities and people in the train might be attacked. Read our slides if you want more details.
ThalysNet was contacted.
TECH

TEHTRI-Security research analyzed by BBC
http://news.bbc.co.uk/2/hi/technology/10349001.stm
Fri, 18 Jun 2010 18:00:00 +0100
BBC News has just released an article about our recent works, in their Technology category.
NEWS

TEHTRI-Security interviewed by The Register
http://www.theregister.co.uk/2010/06/17/exploiting_online_attackers/
Fri, 18 Jun 2010 11:00:00 +0100
Dan Goodin in San Francisco, working for The Register, asked us many questions about our talk of SyScan Singapore. He wrote an article called: Researcher shows how to strike back at web assailants.
NEWS

TEHTRI-Security gave 13 0days against most black hats tools
http://www.syscan.org/Sg/program.html
Thu, 17 Jun 2010 16:00:00 +0100
Today, during our humble new talk at SyScan 2010 Singapore, we have just released many 0days and new offensive concepts against most of the tools used by attackers currently, like web shells, exploit packs, etc. We have given new methods to counter-strike people with our new exploits giving you remote shells, remote SQL injection, permanent XSS and dangerous XSRF. We have shown how to identify, exploit or destroy attackers using those kinds of tools. For example, we gave some of our 0days against known tools like Sniper Backdoor, Eleonore Exploit Pack, Liberty Exploit Pack, Lucky Exploit Pack, Neon Exploit Pack, Yes Exploit Pack... This was a way to explain that you can react when you are under attack. We hope that this will open new ways to think about IT Security worldwide, and that it might help people sometimes. Do not hesitate to contact TEHTRI-Security if you need technical assistance with experts who know how cyber conflicts work for real, which is totally different from people who just do research in labs.
NEWS

Security-Advisory: TEHTRI-SA-2010-023 - Vuln in NEON
http://www.tehtri-security.com/en/services.php
Thu, 17 Jun 2010 16:00:00 +0100
We just released this new 0day against the exploit pack called NEON. Remote and pre-authentication 0day.
Permanent XSS and XSRF against the administrators in the admin panel. It can be used to steal cookies of authentication of the evil admins, to destroy their databases used for attack management, to identify the attackers, etc.
TECH

Security-Advisory: TEHTRI-SA-2010-022 - Vuln in NEON
http://www.tehtri-security.com/en/services.php
Thu, 17 Jun 2010 16:00:00 +0100
We just released this new 0day against the exploit pack called NEON. Remote and pre-authentication 0day. SQL Injection in index.php done as a fake victim with HTTP_REFERER. You can add evil content in the admin interface used by the attackers, etc.
TECH

Security-Advisory: TEHTRI-SA-2010-021 - Vuln in YES
http://www.tehtri-security.com/en/services.php
Thu, 17 Jun 2010 16:00:00 +0100
We just released this new 0day against the exploit pack called YES. Remote and pre-authentication 0day. Remote file disclosure in handler.php, that allows you to get the admin password of this evil tool with a special 2-phase HTTP attack.
TECH

Security-Advisory: TEHTRI-SA-2010-020 - Vuln in YES
http://www.tehtri-security.com/en/services.php
Thu, 17 Jun 2010 16:00:00 +0100
We just released this new 0day against the exploit pack called YES. Remote and pre-authentication 0day. Permanent XSS and XSRF against the administrators in the admin panel, /admin/index.php. It can be used to steal cookies of authentication of the evil admins, to destroy their databases used for attack management, to identify the attackers, etc.
TECH

Security-Advisory: TEHTRI-SA-2010-019 - Vuln in YES
http://www.tehtri-security.com/en/services.php
Thu, 17 Jun 2010 16:00:00 +0100
We just released this new 0day against the exploit pack called YES. Remote and pre-authentication 0day. SQL Injection done as a fake victim in load.php GET argument stat.
You can add evil content in the admin interface used by the attackers, etc.
TECH

Security-Advisory: TEHTRI-SA-2010-018 - Vuln in LuckySploit
http://www.tehtri-security.com/en/services.php
Thu, 17 Jun 2010 16:00:00 +0100
We just released this new 0day against the exploit pack called LuckySploit. Remote and pre-authentication 0day. This gives you a remote control of the broken box, by allowing you to execute PHP code with a two-phase attack. It can be used to counter-strike evil intruders, to destroy their databases used for attack management, to identify them, etc. Remote shell obtained with only two HTTP requests.
TECH

Security-Advisory: TEHTRI-SA-2010-017 - Vuln in Liberty
http://www.tehtri-security.com/en/services.php
Thu, 17 Jun 2010 16:00:00 +0100
We just released this new 0day against the exploit pack called Eleonore. Remote and pre-authentication 0day. Permanent XSS and XSRF against the administrators in the admin panel. It can be used to steal cookies of authentication of the evil admins, to destroy their databases used for attack management, to identify the attackers…
TECH

Security-Advisory: TEHTRI-SA-2010-016 - Vuln in Liberty
http://www.tehtri-security.com/en/services.php
Thu, 17 Jun 2010 16:00:00 +0100
We just released this new 0day against the exploit pack called Liberty. Remote and pre-authentication 0day. SQL Injection done as a fake victim in index.php and update.php done with HTTP_REFERER. You can add evil content in the admin interface used by the attackers, etc.
TECH

Security-Advisory: TEHTRI-SA-2010-015 - Vuln in Eleonore
http://www.tehtri-security.com/en/services.php
Thu, 17 Jun 2010 16:00:00 +0100
We just released this new 0day against the exploit pack called Eleonore. Remote and pre-authentication 0day. SQL injection in getexe.php.
It can be used to destroy the database used by the evil admins through an unprotected update query.
TECH

Security-Advisory: TEHTRI-SA-2010-014 - Vuln in Eleonore
http://www.tehtri-security.com/en/services.php
Thu, 17 Jun 2010 16:00:00 +0100
We just released this new 0day against the exploit pack called Eleonore. Remote and pre-authentication 0day. XSRF against the administrators in the admin panel. It can be used to destroy the database used by the evil admins.
TECH

Security-Advisory: TEHTRI-SA-2010-013 - Vuln in Eleonore
http://www.tehtri-security.com/en/services.php
Thu, 17 Jun 2010 16:00:00 +0100
We just released this new 0day against the exploit pack called Eleonore. Remote and pre-authentication 0day. Permanent XSS against the administrators in the admin panel. It can be used to steal cookies of authentication of the evil admins…
TECH

Security-Advisory: TEHTRI-SA-2010-012 - Vuln in Eleonore
http://www.tehtri-security.com/en/services.php
Thu, 17 Jun 2010 16:00:00 +0100
We just released this new 0day against the exploit pack called Eleonore. Remote and pre-authentication 0day. SQL Injection done as a fake victim in index.php main file with HTTP_REFERER. You can add evil content in the admin interface used by the attackers, etc.
TECH

Security-Advisory: TEHTRI-SA-2010-011 - Vuln in Sniper_SA
http://www.tehtri-security.com/en/services.php
Thu, 17 Jun 2010 16:00:00 +0100
We just released this new 0day against the backdoor Sniper_SA. Remote and pre-authentication 0day. Local File Disclosure in sniper.php main file against HTTP POST argument Sniper_SA. You can grab the local MD5 admin hash used by the attackers, etc.
TECH

Many 0days soon released at SyScan Singapore 2010
http://www.syscan.org/Sg/program.html
Wed, 2 Jun 2010 11:00:00 +0100
Mid-June 2010, TEHTRI-Security will be at SyScan Singapore for an outstanding conference. There, we will release more than 13 0days against many different products (yes, 13 zero days...).
We will also propose multiple generic technical solutions that might help white hats when they want to counter-strike most exploit pack systems and web attackers. And before we conclude, we will also offer a complete web based botnet tracking and destruction. It's time to get rid of those threats, and to show that there are other non-standard solutions when you are under attack. Stay tuned...
DATE

HITB Amsterdam: Speaker "Web in the Middle:Attacking Clients"
http://conference.hackinthebox.org/hitbsecconf2010ams/?page_id=830
Tue, 11 May 2010 14:00:00 +0100
TEHTRI-Security will be at HITBSecConf Amsterdam 2010 for a new talk. It will be time to play around threats targeting web clients, on well known services as well as for in-depth hacking operations. For example, we will talk about attacks on remote compromised LAN, hotspots, etc.
DATE

SyScan 2010 Singapore: Speaker "Striking Back Web Attackers"
http://www.syscan.org/Sg/program.html
Sat, 1 May 2010 23:00:00 +0100
TEHTRI-Security will be at SyScan 2010 Singapore for an innovative talk called: Striking back web attackers. It will be time for white-hats to find new ways to protect themselves once they are under attack by evil intruders. The best defense is a good offense. Get more information on SyScan.org
DATE

HITB Magazine: Interview of TEHTRI-Security
https://www.hackinthebox.org/misc/HITB-Ezine-Issue-002.pdf#page=42
Thu, 22 Apr 2010 21:00:00 +0100
Editor-in-Chief Zarul Shahrin Suhaimi interviewed TEHTRI-Security. Check this issue number 2 of HITB Magazine, and find out what we think about IT Security, on page 42...
NEWS

Security-Advisory: TEHTRI-SA-2010-010 - Horde 0-day
http://conference.hitb.org/hitbsecconf2010dxb/materials/D1%20-%20Laurent%20Oudot%20-%20Improving%20the%20Stealthiness%20of%20Web%20Hacking.pdf#page=74
Wed, 21 Apr 2010 12:20:00 +0100
Transform Horde into an Nmap-like scanner. Remote exploit, pre-authentication. Most versions. Issue in plugin called IMP.
Page 74 on our slides.
TECH

Security-Advisory: TEHTRI-SA-2010-009 - Squirrelmail 0-day
http://conference.hitb.org/hitbsecconf2010dxb/materials/D1%20-%20Laurent%20Oudot%20-%20Improving%20the%20Stealthiness%20of%20Web%20Hacking.pdf#page=69
Wed, 21 Apr 2010 12:15:00 +0100
Transform Squirrelmail into an Nmap-like scanner. Remote exploit, post-authentication. Most versions. Issue in default plugin called mail_fetch. Page 69 on our slides.
TECH

HITB Dubai 2010: Our slides are available
http://conference.hitb.org/hitbsecconf2010dxb/materials/D1%20-%20Laurent%20Oudot%20-%20Improving%20the%20Stealthiness%20of%20Web%20Hacking.pdf
Wed, 21 Apr 2010 11:30:00 +0100
If you want to enjoy what we presented during HITBSecConf Dubai 2010, follow this link and read our slides. Our goal was to give a 1 hour overview about how web attackers behave to remain stealthy on a network they were able to break into...
NEWS

Silent Steps: Improving the Stealthiness of Web Hacking
http://conference.hackinthebox.org/hitbsecconf2010dxb/?page_id=680
Thu, 15 Apr 2010 20:00:00 +0100
We remind you that next 21st April, TEHTRI-Security will talk about web security, during this presentation: "Silent Steps: Improving the Stealthiness of Web Hacking". Our talk will include in particular: Funny 0-days against widely deployed web applications, new technical methods and thoughts for web attackers to improve their stealthiness during an intrusion and how to detect them, a global analysis of fingerprints left by attackers during each step of a web attack (backdoors, bounces...) and how to mitigate those attacks... See you soon at HITBSecConf Dubai...
DATE

Cansecwest Security Training: Program Updated online
http://www.tehtri-security.com/en/trainings.php?t=cansecwest-2010
Tue, 02 Mar 2010 23:00:00 +0100
Our Security Master's Dojo course that will occur during next Cansecwest 2010 (22-23 March 2010) has been updated and is available here. This session aims at providing a hands-on focused PHP Hacking experience.
After this course, you will really know how attackers work and move through PHP hax0ring so that they can jump deeper down to your networks. This training will end with a final amazing exercise through a step by step live hacking simulation. It will help students at coming back to offensive and defensive hands-on actions seen during the whole day, thanks to a complete information warfare operation.DATE More about our Dubai talk during HITBSecConf 2010http://conference.hackinthebox.org/hitbsecconf2010dxb/?page_id=680Mon, 22 Feb 2010 14:00:00 +0100"Web and Stealth Hacking": TEHTRI-Security talk will aim at covering web hacking and stealth issues, showing how security staff and attackers play some kind of hide and seek war-games on the Internet from time to time. Before concluding, we will also introduce new offensive concepts that demonstrate how attackers like pentesters, blackhats, etc, can be helped to become stealthier on the wire, so that defenders understand some kind of limitations of the current situation and tools.DATEHITBSecConf 2010 Dubai: Speaker "Stealth and Web Hacking"http://conference.hackinthebox.org/hitbsecconf2010dxb/?page_id=680Sun, 21 Feb 2010 23:00:00 +0100TEHTRI-Security will give a presentation during next HITBSecConf in Dubai. This international event, organized in Dubai by "Hack In The Box", will offer technical interesting talks during a 2-days Deep Knowledge Security Conference, next 21st and 22nd April 2010. Come and join us...DATEWeb site updatedhttp://www.tehtri-security.comFri, 19 Feb 2010 02:00:00 +0100We've just uploaded the new version of our web site. Enjoy.NEWSSecurity-Advisory: TEHTRI-SA-2010-008 - Vuln in Apple producthttp://www.apple.comThu, 18 Feb 2010 19:20:00 +0100TEHTRI-Security Lab : Vulnerability found in iPhone product, latest firmware (Safari issue). 
Report sent to Apple.TECHSecurity-Advisory: TEHTRI-SA-2010-007 - Vuln in Apple producthttp://www.apple.comThu, 18 Feb 2010 19:15:00 +0100TEHTRI-Security Lab : Vulnerability found in iPhone product, latest firmware (Safari issue). Report sent to Apple.TECHSecurity-Advisory: TEHTRI-SA-2010-006 - Vuln in Apple producthttp://www.apple.comThu, 18 Feb 2010 19:10:00 +0100TEHTRI-Security Lab : Vulnerability found in iPhone product, latest firmware (Safari issue). Report sent to Apple.TECHSecurity-Advisory: TEHTRI-SA-2010-005 - Vuln in Apple producthttp://www.apple.comThu, 18 Feb 2010 00:20:00 +0100TEHTRI-Security Lab : Vulnerability found in iPhone product, latest firmware (Mail APP issue). Report sent to Apple.TECHSecurity-Advisory: TEHTRI-SA-2010-004 - Vuln in Apple producthttp://www.apple.comWed, 17 Feb 2010 22:30:00 +0100TEHTRI-Security Lab : New Vulnerability found in iPhone product, latest firmware (Safari issue). Report sent to Apple.TECHSecurity-Advisory: TEHTRI-SA-2010-003 - Vuln in Apple producthttp://www.apple.comWed, 17 Feb 2010 01:30:00 +0100TEHTRI-Security Lab : Vulnerability found in iPhone product, latest firmware (Safari issue). Report sent to Apple.TECHLaunching our first tests on the latest iPhone producthttp://www.tehtri-security.comTue, 16 Feb 2010 18:00:00 +0100As we are extensive users of the amazing iPhone product, and that sometimes we got some strange behaviours, we decided to look at iPhone security with quick checks, thanks to our fuzzing tech.TECHInternal fuzzing application createdhttp://www.tehtri-security.comMon, 15 Feb 2010 17:00:00 +0100We have just finished an internal fuzzing application with web technologies (PHP...) 
that will allow us to test web clients securityTECHAdvanced PHP Hackinghttp://cansecwest.com/dojophp.htmlThu, 4 Feb 2010 22:53:00 +0100Full program of the training given in Vancouver, is now available on Cansecwest Conference web siteDATETwitter Account addedhttp://twitter.com/tehtrisThu, 4 Feb 2010 22:30:00 +0100You may follow us on Twitter too, where we just created our accountNEWSCanSecWest 2010: Training givenhttp://cansecwest.com/dojo.htmlMon, 25 Jan 2010 00:00:01 +0100Canada/Vancouver : A security training will be given at the Master Security Dojo, Cansecwest 2010, 22-26 March 2010, about : Advanced PHP HackingDATESecurity Advisory: TEHTRI-SA-2010-002 - Vuln in Acunetix producthttp://www.acunetix.comWed, 20 Jan 2010 13:38:00 +0100TEHTRI-Security Lab : Vulnerability found in Acunetix Scanner. First report sent to Acunetix. Status: Under discussion with AcunetixTECHSecurity Advisory: TEHTRI-SA-2010-001 - Vuln in Apple producthttp://www.apple.comMon, 18 Jan 2010 00:51:00 +0100TEHTRI-Security Lab : Vulnerability found in Apple MacOSX. First report sent to Apple. Status: Under discussion with AppleTECH