My research on WatchGuard Firebox/XTM firewalls, that yielded pre-auth Remote Code Execution as root, will be available on Ambionics Security next week (CVE-2022-31789, CVE-2022-31790). watchguard.com/wgrd-psirt/adv…

Learn how we discovered 5 distinct vulnerabilities on WatchGuard #Firebox/#XTM firewalls, and obtained a pre-auth Remote Code Execution as root #0day (CVE-2022-31789, CVE-2022-31790). ambionics.io/blog/hacking-w…

A few months ago, we reported a pre-auth Remote Code Execution #RCE vulnerability to vBulletin. The exploitation of this unserialize() bug was tricky, as vBulletin classes are not deserialisable. Discover the exploitation in our latest blogpost: ambionics.io/blog/vbulletin…

My latest research which completely breaks trust transitivity, enjoy :-) exploit.ph/external-trust…

Introducing sshimpanzee, a reverse shell made by Titouan Lazard based on openssh's sshd. It supports DNS, ICMP and HTTP encapsulation as well as SOCKS and HTTP Proxies : blog.lexfo.fr/sshimpanzee.ht…

#Fortinet patched #CVE-2023-27997, a critical vulnerability affecting its VPN #Fortigate. Our latest blogpost describes the technical details about the bug, a pre-auth heap overflow, with a twist. #xortigate blog.lexfo.fr/xortigate-cve-…

Details of #xortigate, CVE-2023-27997, a pre-authentication SSL VPN exploit targeting #Fortigate appliances. Patch your #Fortinet VPN.

This was a fun one! The vulnerability has been found and exploited during the timeframe of one of our Red Team engagements and allowed us to compromise our target entirely. Happy patch week! #xortigate

Following our blogpost on #xortigate, here are some Forensics findings we observed during the exploitation of #CVE-2023-27997 on our test labs. This may help you with future #DFIR engagements: blog.lexfo.fr/Forensics-xort…

Here's an educational POC for #xortigate (CVE-2023-27997). I'll cover the vulnerability at Hexacon this Saturday, and BlackAlps a few days later! github.com/lexfo/xortigat…

"Hello: I'm your Domain Administrator and I want to authenticate against you". My #SilverPotato is out, check the blog post: decoder.cloud/2024/04/24/hel… 😃

New blog: Lateral movement and on-prem NT hash dumping with Microsoft Entra Temporary Access Passes. Some tips and tricks on abusing TAPs for Windows Hello persistence and NT hash recovery over Cloud Kerberos Trust. dirkjanm.io/lateral-moveme…

🌟 Showcasing the brilliant innovators in the OVHcloud Startup Program: 🦴 #ORTHOSAFE SAS 👶#CALD | Crèche A La Demande 👣 🚲 Mobeta 🌐 #Webcapsule 🎯 Pickaw 🌍 IKI Proud to support these startups as they pave the way forward! #Tech #Innovation #Sustainability

Nouvel article technique concernant les comptes machines dans Active Directory. Découvrez comment ils sont exploités et comment s’en protéger dans notre dernier blog post : mobeta.fr/active-directo… #cybersecurity #pentest #activedirectory

Retrouvez Mobeta au #ForumINCYBER sur l’espace innovation pour discuter, cybersécurité, pentest ainsi que de notre solution Rigma, l'assistant à la remédiation des audits. Stand F17-8

Arthur Le Corguillé et Antoine Morin seront sur l’espace FIC talks et interviendront à 10h50. Au programme de notre pitch « Pentest terminé… et maintenant ? » #ForumINCYBER

Nouvel article sur Azure : comment les attaquants étendent leur accès après un phishing Azure en 2025 mobeta.fr/etat-de-lart-s…

Guide pour relayer NTLM sur HTTP – l’exemple de GLPI - Arthur Le Corguillé mobeta.fr/guide-pour-rel…

Dès demain, nous serons à l’ECW à Rennes au stand S11. Si vous passez, arrêtez-vous quelques minutes, les deux cofondateurs de Mobeta vous montreront comment on repense le modèle du pentest. European Cyber Week

🚨 New exploit released 🚨 Converts limited PHP code execution into WordPress administrator account creation & login. CVE-2025-13486 (ACF Extended) 🔗 github.com/whattheslime/C…