Our Blog

Getting rid of pre- and post-conditions in NoSQL injections

Reading time: ~10 min
TL;DR: I found a cool way to get rid of pre-conditions in NoSQL syntax injections. I have been investigating NoSQL...

make prs, not war

Reading time: ~8 min
Every day we’re faced with a choice – some glaringly obvious, others more subtle. The choice to give, or to take,...

Dumping LSA secrets: a story about task decorrelation

Reading time: ~16 min
While doing an internal assessment, I was able to compromise multiple computers and servers but wasn’t able to dump the...

From a GLPI patch bypass to RCE

Reading time: ~23 min
Introduction: GLPI is popular software used by companies, mainly in France. GLPI is usually used for two main purposes....

Targeting an industrial protocol gateway

Reading time: ~20 min
Inside industrial systems (also known as Operational Technology, or OT), devices communicate with each other and can be accessed over...

Guest vs Null session on Windows

Reading time: ~9 min
If you have been doing internal assessments on Active Directory infrastructure you may have heard the following words: “Null session”,...

From Discovery to Disclosure: ReCrystallize Server Vulnerabilities

Reading time: ~11 min
TL;DR – While on an assessment, I found an instance of ReCrystallize Server. It had many problems, some of which...

Mail in the Middle – A tool to automate spear phishing campaigns

Reading time: ~15 min
Context: In the chilly month of December 2023, my colleagues Jason (@BreakerOfSigns), Szymon (@TH3_GOAT_FARM3R), and I (@felmoltor) were on a...

Deck of Cards CTF

Reading time: ~9 min
I created a small crypto-style CTF for Black Hat last year (we’re training again this year, check our courses...

Serial PitM

Reading time: ~20 min
Sometimes you need to get in the way of a hardware device and its controller, and see what it has...

Sensecon 23: from Windows drivers to an almost fully working EDR

Reading time: ~54 min
TL;DR: I wanted to better understand EDRs so I built a dummy EDR and talk about it here. EDR (Endpoint...