XORtigate: Pre-authentication Remote Code Execution on Fortigate VPN (CVE-2023-27997)

Wed 14 June 2023

A pre-authentication remote code execution vulnerability in Fortigate SSL VPN was discovered by Lexfo (CVE-2023-27997).


CVE-2023-27997 - Forensics short notice for XORtigate

Tue 13 June 2023

Some feedback on what we observed during forensics of the pre-auth RCE on Fortigate VPN (CVE-2023-27997) in our test environment.

Post Exploitation


Fri 24 March 2023

Sshimpanzee, a reverse SSH tool with encapsulation feature.


Cobalt Strike Investigation - Part 2

Thu 09 March 2023

This second part will focus on the 'jump' command in Cobalt Strike, used to establish a connection from a compromised system to the command and control (C2) server.


Cobalt Strike Investigation Part 1

Tue 20 September 2022

Cobalt Strike Investigation - Part 1


Obfuscated obfuscation

Mon 11 April 2022

This article is a step-by-step guide to reversing an APK protected with DexGuard using Jadx.
