Barb’hack 2022: Leveraging PHP Local File Inclusion to achieve universal RCE

For the third consecutive time, the French city of Toulon hosted the French southernmost hacking event known as Barb'hack. We - two of Wavestone security auditors - have had the opportunity to attend the conference and participate in the Capture-the-Flag (CTF) event…

CDT Watch – September 2022

FOCUS TECH MAUI Sources: https://www.cisa.gov/uscert/ncas/alerts/aa22-187a https://stairwell.com/wp-content/uploads/2022/07/Stairwell-Threat-Report-Maui-Ransomware.pdf https://securelist.com/andariel-deploys-dtrack-and-maui-ransomware/107063/   Ransomware Activity Presentation of the figures collected by our tool on the data given by the RaaS platforms about their successful attacks. This graph gives an estimation of the number of victims…

CDT Watch – June 2022

FOCUS TECH Bumblebee     Initial Access (TA0001) Execution (TA0002) Persistence (TA0003) Privilege Escalation (TA0004) Phishing: Spearphishing Attachment T1566.001 Command and Scripting Interpreter: Visual Basic T1059.005 Scheduled Task/Job T1053 Process Injection: Dynamic-link Library Injection T1055.001 Phishing: Spearphishing Link T1566.002 Windows Management Instrumentation…

Back to top