During a penetration test, we came across a Siemens ICS (Industrial Control System) / BMS (Building Management System) device and decided to study its custom HTTP component Two critical vulnerabilities were discovered and disclosed to Siemens ProductCERT blog.randorisec.fr/siemens-ozw-rc…

For the second edition of Off-By-One Conference, RandoriSec went to Singapore and attended this nice and welcoming conference. Thanks to all those involved in making this great event! Here is a blog post containing our feedback: blog.randorisec.fr/conference-off…

❤️RandoriSec is sponsoring the 2025 edition !

For the second time, we attended the legendary offensivecon — top-tier talks, flawless organization, and unforgettable parties. Huge thanks to the organizers; it truly lives up to the hype! You can find a quick review of what we liked the most. blog.randorisec.fr/conference-off…

It's time to start announcing our generous sponsors!  And we begin with a very faithful one, supporting us since the first edition: RandoriSec ⛩ To find out more about RandoriSec, visit their website at randorisec.fr

🚀 Shindan now supports Android! After many months of research and development, we’re proud to announce that Shindan SaaS and Shindan Desktop now offer Android security diagnostics — alongside our existing iOS capabilities. ✅ Diagnose your Android smartphones in complete

For the fourth time in a row, we’ve followed Pass the SALT Conference, a small but high quality conference dedicated to free software and security. And as usual, you can find a quick review of our favourite talks: blog.randorisec.fr/passthesalt-20…

Synacktiv 4e sponsor 🙏 Fondée en 2015 par des experts en sécurité des systèmes d’information, RandoriSec propose les services suivants: - Tests d'intrusion et audits de sécurité - Rétro ingénierie et recherche de vulnérabilités - Audit et analyses inforensiques de plateformes mobiles

🚀 Shindan Release Note 1.16.0 is here! ⬇️ This version brings some exciting updates across the board: ✨ A full rewrite of our processing pipeline — paving the way for the future Shindan SDK 🛡️ New IoCs & fresh STIX indicators for iOS & Android 📱 Improved parsers, matchers &

🚨 New blog post – DHCSpy: Discovering the Iranian APT MuddyWater In this article, R3dy , research apprentice at Shindan, breaks down the newly Android spyware DHCSpy, operated by the Iranian APT group MuddyWater, including: - How the malware disguises itself as a VPN app

First talk of the conference! We kick off with a small introduction by reno, and onto the keynote

Our team recently attended the RomHack Conference for the first time. We are pleased to share a review of our favorite presentations from the event: blog.randorisec.fr/romhack-2025/ #RomHack2025 cc Cyber Saiyan | RomHack Conference, Training, Camp

For the fourth time in a row, RandoriSec sponsored Hexacon, an offensive security event in Paris. Around ten researchers from RandoriSec attended the conference. As usual, you can find a quick review of the talks we liked. blog.randorisec.fr/conference-hex…

Red Team members, have you ever wondered how to extract access tokens from Microsoft Teams? blog.randorisec.fr/ms-teams-acces…