by Alexandre Beaulieu | Apr 6, 2020
Xamarin is a popular open-source and cross-platform mobile application development framework owned by Microsoft with more than 13M total downloads. This post describes how we analyzed an Android application developed in Xamarin that performed HTTP certificate pinning...
by Philippe Arteau | Jul 16, 2019
Last month, we presented at Hack In Paris (France) a XML External Entities (XXE) exploitation workshop. It showcase methods to exploit XXE with numerous obstacles. Today, we present our method to exploit XXEs with a local Document Type Declaration (DTD) file. More...
by Emilio Gonzalez | Dec 19, 2018
As part of our four-month internship at GoSecure, we chose to work on creating a Remote Desktop Protocol (RDP) honeypot. To achieve this, we used a Linux server with an RDP man-in-the-middle (MITM) program that redirects traffic to a real Windows Server. When...
by Benoit Cote-Jodoin | Sep 6, 2018
Find Security Bugs can often uncover interesting findings that may lead to the discovery of critical vulnerabilities. Back in May, we published on this blog two vulnerabilities in components of Spring, a Java web framework, using this tool. However, the process of...
by Leanne Dutil | Jul 10, 2018
This post will detail the password filter implant project we developed recently. Our password filter is used to exfiltrate Active Directory credentials through DNS. This text will discuss the technicalities of the project as well as my personal experience developing...
FR