by Alexandre Beaulieu | Oct 20, 2020
This post outlines the changes and new features that were added in the PyRDP 1.0 release and explores what is in store for future PyRDP development efforts. Over the last few years PyRDP has secured itself as a strong candidate for both offensive security engagements...
by Julien Pineault | Sep 3, 2020
At GoSecure, we work hard to illustrate the impact of our pentest findings on our clients’ security posture. In the past few years, we found numerous organizations with vulnerable Windows Server Update Services (WSUS) deployments. However, no tool (reliable enough to...
by Alexandre Beaulieu | Apr 6, 2020
Xamarin is a popular open-source and cross-platform mobile application development framework owned by Microsoft with more than 13M total downloads. This post describes how we analyzed an Android application developed in Xamarin that performed HTTP certificate pinning...
by Philippe Arteau | Jul 16, 2019
Last month, we presented at Hack In Paris (France) a XML External Entities (XXE) exploitation workshop. It showcase methods to exploit XXE with numerous obstacles. Today, we present our method to exploit XXEs with a local Document Type Declaration (DTD) file. More...
by Emilio Gonzalez | Dec 19, 2018
As part of our four-month internship at GoSecure, we chose to work on creating a Remote Desktop Protocol (RDP) honeypot. To achieve this, we used a Linux server with an RDP man-in-the-middle (MITM) program that redirects traffic to a real Windows Server. When...