OSCP resource gold mine 0xc0ffee.io/blog/OSCP-Gold…

ambionics.io/blog/php-mt-ra… Learn how we broke PHP's Mersenne Twister PRNG

SSRF? in a pdf? Oh yeah! My boy Ben Sadeghipour accidentally found a pretty sick bug and breaks down his and Sera Brocious bug that landed then a DEF CON talk last year in this video, if you’re into breaking pdf renders this ones for you! youtu.be/t5fB6OZsR6c #bugbounty #Pentesting

A Sandbox Escape was found on F5 BIG IP APM leading to an XSS on the portal, by whira from the Ambionics team : support.f5.com/csp/article/K7…

We are proud to announce Lexfo as our sponsor – thank you for helping us! You will be able to meet them at the #conferences and the trainings – don't miss them! #thc20 #infosec You can purchase your tickets here 👇 tickets.thcon.party/thc/20

Whitepaper: The Lazarus Constellation - A study on North-Korean malware blog.lexfo.fr/Lexfo-WhitePap… #Lazarus #malwareanalysis #apt #Lexfo #threatintel

The Lazarus Constellation, a study on North-Korean malware In this Whitepaper, Lexfo analyses Lazarus Malware, from their Motives, to their detection and mitigation, through their techniques, tactics, procedures : blog.lexfo.fr/Lexfo-WhitePap… #threatintelligence #malware #Lazarus

A penetration tester from Lexfo found and exploited a subtle bug during an assessment on a French Banking FTP service. Here is the story of this 0-day vulnerability research : blog.lexfo.fr/pentesting-pes… #binaryexploitation #0day

We are proud to announce that Charles Fol, from Анастасия Власенко's pentest team, will present "finding vBulletin 0-days through poor man's symbolic execution" at SSTIC 2020. More information about the talk here: sstic.org/2020/presentat…

Congratulations to brice berna for his 2nd place position in the SSTIC Challenge 2020! Can't wait for the upcoming edition of the conference!

RoguePotato - Another Windows Local Privilege Escalation from Service Account to System github.com/antonioCoco/Ro…

Wondering what to do with #LEIAbyH2LAB/#smartleia Checkout the Practical Guide to Differential Power Analysis of #USIM cards sstic.org/media/SSTIC201… and dont forget to back our project: kickstarter.com/projects/h2lab… #MILENAGE #SCA #SSTIC #hardware #openhardware

That’s all pentester /redteamer have to do before exploiting any vulnerability , know impact on the system ! Thanks Dirk-jan to clarify this point, its really didactic

New advisory is now out! Find out how an independent Security Researcher, Charles Fol (Charles Fol) used a UAF vulnerability in PHP to allow attackers that are able to run PHP code to escape disable_functions restrictions. ssd-disclosure.com/ssd-advisory-p…

Learn how Charles Fol from our Ambionics Security team, found and exploited a #PHP sandbox escape which was introduced in PHP 5.3, 11 years ago !

The importance of women in cybersecurity for innovation, investment and enrichment wearetechwomen.com/the-importance… CEFCYS

rpc2socks is a client-server solution developed by LEXFO that allows to drop and remotely run a custom RPC + SOCKS-through-SMB server application on a #Windows target, from a Unix or Windows host. The tool is open source and available here : github.com/lexfo/rpc2socks

#Symfony's secret fragments: Learn how a configuration problem leads to Remote code Execution on Symfony-based applications : ambionics.io/blog/symfony-s…

#Symfony's secret fragments: Learn how a configuration problem leads to Remote code Execution on Symfony-based applications : ambionics.io/blog/symfony-s…