2020w44 Security News digest

FBI, DHS, HHS Warn of Imminent, Credible Ransomware Threat Against U.S. Hospitals On Monday, Oct. 26, KrebsOnSecurity began following up on a tip from a reliable source that an aggressive Russian cybercriminal gang known for deploying ransomware was preparing to

Posted in News

OWASP tools – Juice-Shop

I have discovered OWASP Juice Shop recently and I found it a quite interesting tool to train and challenge ourselves. Why is that? It is the first “broken tool” I have found built with recent technologies (Angular, Node.js …) which will help to

Posted in Security for Web Developers, Tools

2020w43 Security News digest

New Chrome 0-day Under Active Attacks – Update Your Browser Now If you are using Google Chrome, update it ASAP: a zero-day was found in the FreeType library. Related CVE: CVE-2020-15999. Source: https://thehackernews.com/2020/10/chrome-zeroday-attacks.html French IT outsourcer Sopra Steria hit by

Posted in News

Vault 7 leak – Year 0 release

A new leak from WikiLeaks exposes the CIA's use of tools and techniques to spy on citizens.

What I will be writing about in this article concerns the Year Zero release (March 2017).

Posted in News

Twitter Counter Hack

Earlier this week, lots of Twitter accounts started publishing unwanted messages.

Victims of this attack were quite famous Twitter accounts such as Graham Cluley, Amnesty International and many more…

Posted in News

Upgrade Synology DS409 to DSM6

I bought a DS409 a few years ago and I felt quite disappointed not to get every update brought by DSM 5 and then 6. One easy solution would be to buy a new NAS but, to be honest, my

Posted in Hacks

SCRT challenge

This challenge is linked to a job offer; the article has only been published once the offer was taken offline. Here is the challenge (originally in French): During an Android phone analysis, we have found the following file “secfile.enc”.

Posted in Challenges

SQL Injection

SQL Injection is quite a common vulnerability, well known by most experienced developers but still not handled correctly in lots of applications and websites. To see the number of vulnerabilities and the systems impacted, you can have a look at: cvedetails.com/sql-injection The

Posted in Vulnerabilities explained

HTTP Response Splitting

HTTP response splitting is a form of HTTP header injection: the goal is to force the server to include an attacker-controlled HTTP header in the response. The principles: HTTP requests and responses are based on the same principle: Where

Posted in Vulnerabilities explained

Security Awareness for Developer Part 2: Setup a Security Lab

Right now, we know what our goal is, but we need to set up the security lab containing OWASP BWA, for free and cross-platform (tested on Ubuntu and Windows 7). Prerequisites are (links are provided in the details below): Virtualization software

Posted in Security for Web Developers