Time-efficient assessment of open-source projects for Red Teamers

Loading
Loading Click here to add:
Add to notification list

It is more and more common to face opensource projects during Red Team engagements. Due to time and efficiency constraints related to such assessments, it is always enjoyable to discover “quick-win” 0day vulnerabilities that will allow progressing in the intrusion and pivoting to critical networks or services. In this talk, we try to describe a methodology that allowed us to quickly discover numerous critical vulnerabilities in a widely-adopted project, GLPI. We will also discuss these findings and the security mechanisms that were implemented and how they were defeated.

Speakers

Thomas Chauchefoin (Synacktiv), Julien Szlamowicz (Synacktiv)

Bio

Thomas and Julien are two security researchers working at Synacktiv. They are mostly interested in web security and they had the possibility to practice it during several years of penetration testing and red team engagements.