Sogeti ESEC Pentest

Internal network pentesting involving domain controllers requires a few steps in order to gain domain administrator access. One of them usually requires to gain local administrator access to a workstation. In this article, we show how this can be possible from a limited domain user account when specific Group Policy Preferences (GPP) are deployed.

RFID (Radio Frequency IDentification) and NFC (Near Field Communication) technologies are more and more widespread in our daily life. They can be found in various fields such as access control, tracking systems (objects, animal), and vending machines. Security of these technologies has been the subject of various research work presented and illustrated at conferences like HAR2009, DefCon and Hack.lu. This article is a practical introduction to NFC security by showing how one could abuse a RFID coffee machine. For evident reasons, we will disclose neither the name of the vendor, nor sensitive technical details such as authentication keys. This work has been done for research purpose only, and shall not be used for profit.