Exploiting Windows 2008 Group Policy Preferences

Fri 20 January 2012 by trance

Internal network pentesting involving domain controllers requires a few steps in order to gain domain administrator access. One of them usually requires to gain local administrator access to a workstation. In this article, we show how this can be possible from a limited domain user account when specific Group Policy ...

read more

Playing with NFC for fun and coffee

Mon 28 November 2011 by trance

RFID (Radio Frequency IDentification) and NFC (Near Field Communication) technologies are more and more widespread in our daily life. They can be found in various fields such as access control, tracking systems (objects, animal), and vending machines. Security of these technologies has been the subject of various research work presented ...

read more

Solving Honynet's Mobile Malware Challenge

Sun 01 May 2011 by trance

Last month, Honeynet members released their last forensics challenge, entitled Mobile Malware. The goal was to analyze a malware installed on a smartphone. The ESEC pentest team won this challenge; our submission is available here. In the meanwhile, this post summarizes our findings as well as the methodology we used ...

read more