Select Page

Fixer – Fix Protocol Fuzzing Tool

Our latest adventures took us to the magical world of… FIX protocols! The Financial Information eXchange (FIX) protocol manages the processing of real-time exchanged information within Financial Markets. It was originally authored in 1992 and became very famous...

Pre-Auth MySQL remote DOS (Integer Overflow)

MySQL server is affected by a remote DoS attack, which could be exploited by a remote unauthenticated attacker to cause a loss of availability on the targeted service. The issue has been verified to affect 5.6.X branch up to 5.6.35 and 5.7.X branch up to 5.7.17. It is...

Firewall against firewall – bypassing an IPS

In this post we are going to explain how we used iptables to bypass an Intrusion Prevention System during a recent penetration test. During the first phase of a penetration test on a /24 network, we started performing routinary network port scan to identify available...

SPARTA 1.0 BETA released

SPARTA is a python GUI application which simplifies network infrastructure penetration testing by aiding the penetration tester in the scanning and enumeration phase. It allows the tester to save time by having point-and-click access to his/her toolkit and by...

Tunna v1.1a SOCKS!

Tunna is a set of tools which will wrap and tunnel any TCP communication over HTTP. Due to popular demand, in this new version, Tunna (v1.1a) can be set up to be a local SOCKS proxy, that will accept any TCP traffic and send over to the webserver using HTTP requests....

Reverse Engineer Router Firmware – Part 2

This part of the tutorial will focus on how to inspect all the different executables that you may find within the firmware using emulation software QEMU and then how to modify the firmware to get a root shell on the router. If you have not already done the first...