Nog maar 22 uur tot OrangeCon! ⏰ Onze ethische hackers Daan Keuper en Thijs Alkemade staan op het podium met een presentatie over hun gevonden kwetsbaarheden in laadpalen. Ben jij er morgen ook bij? pretalx.com/orangecon-2024… #HackersCommunity #CyberSecurity

Last but not least: de 3e technische write up over onze gevonden kwetsbaarheden in een #laadpaal, dit keer de Autel MaxiCharger. ⤵️ sector7.computest.nl/post/2024-08-p… Onderzoek naar de beveiliging van laadsystemen is gedaan door onze ethische hackers Daan Keuper, Thijs Alkemade en Khaled Nassar.

We have published the third and final writeup of our #Pwn2Own EV charger exploits: the Autel MaxiCharger! Unlike the other two, this one had authentication on the Bluetooth functionality! …but that had a “backdoor”. 😅 sector7.computest.nl/post/2024-08-p…

Onderzoekers: Autel MaxiCharger laadpaal bevatte authenticatie-backdoor #securitynl security.nl/posting/856913…

🍊 OrangeCon 2024 was an absolute blast! 🧡🎉 The videos are now live! 🎥 (Re)watch your favourite talks, and get all the juicy details on our YouTube channel: youtube.com/@OrangeCon #OrangeCon #conference #education #cybersecurity

Are you interested in targeting the Autel MaxiCharger in the upcoming Pwn2Own Automotive? We've just published our script for deobfuscating Autel's firmware files: gist.github.com/sector7-nl/3fc… #Autel #Pwn2Own #Pwn2OwnAutomotive

Boom! Daan Keuper (Daan Keuper), Thijs Alkemade (Thijs Alkemade), and Khaled Nassar (Khaled Nassar) from Computest Sector 7 (Sector 7) took no time in executing their SOHO smashup - going from the QNAP QHora-322 to the TrueNAS Mini X. TThey're off to the disclosure room. #Pwn2Own

We were absolutely sure all of our bugs would dupe, because we were the 7th SOHO smash-up and many others had the same 2 targets. But they’re all unique! 🥳 I would be quite worried if I had a QNAP router. 🙃 #Pwn2Own

👀👀

Arrived in Hamburg for #38c3! 😊

The SonicOS bug being exploited (CVE-2024-53704) was reported through the Trend ZDI program as ZDI-25-012. It was submitted by Daan Keuper, Thijs Alkemade and Khaled Nassar of Computest Security. If you haven't already, patch now. zerodayinitiative.com/advisories/ZDI…

Had a blast hanging out with Thijs Alkemade and Daan Keuper, not as colleagues, but because they're two of the best folks I've ever met and worked with 🙏 Thanks for all the good times at Sector 7, gents! And now, time for a short break before the next chapter ✌️