Read SolarWine's writeup for Hack-A-Sat finals and find out how to regain control of the satellite 🛰️, repair the sabotaged payload and finally take a shot of the moon!

SplDoublyLinkedList::offsetUnset exploit. This vulnerability appeared in #PHP 5.3, and was still here in PHP 8! If you're interested in PHP exploitation, check the exploit: I had to trigger the bug a lot of times to increment a UAF'ed zend_string.len.

rpc2socks is a client-server solution developed by LEXFO that allows to drop and remotely run a custom RPC + SOCKS-through-SMB server application on a #Windows target, from a Unix or Windows host. The tool is open source and available here : github.com/lexfo/rpc2socks

#Symfony's secret fragments: Learn how a configuration problem leads to Remote code Execution on Symfony-based applications : ambionics.io/blog/symfony-s…

RCE on symfony with default secret key !

Our Ambionics / Lexfo team chained a few bugs on Sqreen's microagent to get remote code execution on some Sqreen-protected servers. Learn how we found and exploited the vulnerabilities: ambionics.io/blog/sqreen-rce

You don't want to play ball? Sometimes you don't have to! Read how Sylvain recovers pin state from BGA casings with minimal equipment: synacktiv.com/publications/p…

Learn how we exploited a tricky #vulnerability to get remote code execution on #Laravel #php framework, when in debug mode. ambionics.io/blog/laravel-d…

New blogpost by Lexfo about #Danabot #Malware. Since the last blog post from Proofpoint about the version 4 of DanaBot, the new samples available integrate minor changes. This blogpost is about the differences spot between those different versions. blog.lexfo.fr/danabot-malwar…

Since the title of my upcoming talk at Sthack got leaked, there's not much point hiding it anymore: I will present a Privilege Escalation bug affecting PHP-FPM. It will get patched in the upcoming days. Blogpost will follow.

Thank you Sthack 2021 for this great event ! Our researcher Charles Fol showed how he exploited two vulnerabilities to escalate his privileges to root on #PHP-FPM. Details of the exploitation will soon follow on Ambionics Security' blog.

Tomorrow, #php 8.0.12 gets released, patching CVE-2021-21703. This is a Local Root vulnerability on PHP-FPM. If you're using #nginx and PHP, you ARE using PHP-FPM. If you're using #apache, you MIGHT BE using PHP-FPM. Patch your systems.

Read the details about #CVE-2021-21703 on our Ambionics' blog, a 10 year-old Local Root vulnerability affecting PHP-FPM, #PHP FastCGI's server. PHP-FPM is often used with major HTTPd servers such as #NGINX and #Apache. ambionics.io/blog/php-fpm-l…

Stay tuned !

New blogpost available ! This article is a step-by-step guide to #reverse an APK protected with #DexGuard using Jadx : blog.lexfo.fr/dexguard.html

Learn how we discovered 5 distinct vulnerabilities on WatchGuard #Firebox/#XTM firewalls, and obtained a pre-auth Remote Code Execution as root #0day (CVE-2022-31789, CVE-2022-31790). ambionics.io/blog/hacking-w…

Introducing sshimpanzee, a reverse shell made by Titouan Lazard based on openssh's sshd. It supports DNS, ICMP and HTTP encapsulation as well as SOCKS and HTTP Proxies : blog.lexfo.fr/sshimpanzee.ht…

#Fortinet patched #CVE-2023-27997, a critical vulnerability affecting its VPN #Fortigate. Our latest blogpost describes the technical details about the bug, a pre-auth heap overflow, with a twist. #xortigate blog.lexfo.fr/xortigate-cve-…

First big result from our new CPU research project, a use-after-free in AMD Zen2 processors! 🔥 AMD have just released updated microcode for affected systems, please update! lock.cmpxchg8b.com/zenbleed.html

🔔 New research from Lexfo on pre- & post-authentication vulnerabilities in WSO2 products — uncovering bypasses, RCE, SSRF, CSRF, and account-takeover risks. See our detail article → blog.lexfo.fr/wso2.html #cybersecurity #infosec #offensivesecurity #pentest #WSO2