About this blog
Hey there, this is FrizN, yet another (French) security enthusiast.
I have worked in most facets of offensive security in France, Switzerland and Australia, and nowadays focus on research. I am interested in all things security and CS-related but my heart lies with native stuff, namely reversing and exploitation.
As you may see from the articles on this blog, I played CTFs with 0daysober, including for 3 Defcon finals. I rarely get spare weekends nowadays sadly, hence the lack of fresh content. Anyway, this so-called blog is just a little place for me to put articles about CTF challenges and other stuff I might happen to find cool or interesting.
I'll also shamelessly use this page to do a smallish inventory of what I have published and generally not blogged about. Nothing groundbreaking, but always happy to chat about any of this :)
- CVE-2018-19647: unauth root RCE in BMC Remedy Action Request System
- CVE-2018-7264: more RCEs akin to ZDI-16-354 in ActivePDF (all fixed this time)
- CVE-2017-12785, CVE-2017-12786, CVE-2017-12787: unauth root RCEs (non-default config) and CLI breakout to root in NoviFlow switches
- Cloud age: where local vulnerabilies go remote: talk at the 1st Unrestcon (Melbourne, 2016) on the discovery and exploitation of ZDI-16-354 (and how it could have been patched)
- CVE-2016-4322: unauth remote privileged recursive directory copy in BMC Server Automation
- ZDI-16-354: ActivePDF RCE 0-day, file format vuln with odd exploit pathways, fixed ~a year and a half after public disclosure
- CVE-2016-0411: LPE in Oracle Enterprise Management agent
- CVE-2015-7393, CVE-2015-7394: LPEs in F5 BIG-IP dcoep CGI and datastor kernel module (noted during that work that authed root RCE is a feature in BIG-IP)
- CVE-2015-4873: LPE in Oracle database scheduler
- CVE-2015-3316, CVE-2015-3317, CVE-2015-3318: LPEs in CA Technologies Common Services
- Sophos PureMessage < 6.2.1 unauth RCE (forgot ref and release notes are gone)
- Glibc Adventures: The Forgotten Chunks: whitepaper on exploiting limited overflows in the glibc heap (example is actually from CVE-2015-3317)
- CVE-2015-1619: encoded (i.e. works through XSS filters) reflected XSS in McAfee Email Gateway
I hope you find something worth reading!