A propos du blog
Salut, moi c'est FrizN, un français lambda qui fait de la sécurité.
J'ai travaillé dans à peu près toutes les facettes de l'offensif en France, en Suisse et en Australie et de nos jours je suis plutôt centré sur la recherche. Je suis intéressé par à peu près tout ce qui touche à la sécurité, mais je suis plutôt centré sur le reverse et l'exploitation bas niveau quand même. Probablement un peu feignant quand même, d'où le fait que n'aie pas traduit le reste de cette page :p
As you may see from the articles on this blog, I played CTFs with 0daysober, including for 3 Defcon finals. But I rarely get spare weekends nowadays, hence the lack of fresh content. Anyway, this so-called blog is just a little place for me to put articles about CTF challenges and other stuff I might happen to find cool or interesting.
I'll also shamelessly use this page to do a smallish inventory of what I have published and generally not blogged about. Nothing groundbreaking, but always happy to chat about any of this :)
- CVE-2018-19647: unauth root RCE in BMC Remedy Action Request System
- CVE-2018-7264: more RCEs akin to ZDI-16-354 in ActivePDF (all fixed this time)
- CVE-2017-12785, CVE-2017-12786, CVE-2017-12787: unauth root RCEs (non-default config) and CLI breakout to root in NoviFlow switches
- Cloud age: where local vulnerabilies go remote: talk at the 1st Unrestcon (Melbourne, 2016) on the discovery and exploitation of ZDI-16-354 (and how it could have been patched)
- CVE-2016-4322: unauth remote privileged recursive directory copy in BMC Server Automation
- ZDI-16-354: ActivePDF RCE 0-day, file format vuln with odd exploit pathways, fixed ~a year and a half after public disclosure
- CVE-2016-0411: LPE in Oracle Enterprise Management agent
- CVE-2015-7393, CVE-2015-7394: LPEs in F5 BIG-IP dcoep CGI and datastor kernel module (noted during that work that authed root RCE is a feature in BIG-IP)
- CVE-2015-4873: LPE in Oracle database scheduler
- CVE-2015-3316, CVE-2015-3317, CVE-2015-3318: LPEs in CA Technologies Common Services
- Sophos PureMessage < 6.2.1 unauth RCE (forgot ref and release notes are gone)
- Glibc Adventures: The Forgotten Chunks: whitepaper on exploiting limited overflows in the glibc heap (example is actually from CVE-2015-3317)
- CVE-2015-1619: encoded (i.e. works through XSS filters) reflected XSS in McAfee Email Gateway
I hope you find something worth reading!