Blog posts
Ambionics / Web Exploitation

Hacking Root-Me: SPIP SQL injection leading to RCE (challenge)

Wed 12 January 2022

We identified a vulnerability in SPIP's SQL engine, which allowed us to access the backoffice of the hacking platform Root-Me.

Read more
Ambionics / Web Exploitation

PHP-FPM local root vulnerability (CVE-2021-21703)

Thu 21 October 2021

This article reveals a privilege escalation vulnerability affecting PHP-FPM.

Read more
Malware Analysis

DanaBot Communications Update

Mon 20 September 2021

This short blog post is about the minor changes introduced in the version 1987 of DanaBot.

Read more
Malware Analysis

Dridex Loader Analysis

Tue 06 April 2021

This article is a deep dive into the Dridex Loader

Read more
Ambionics / Web Exploitation

Laravel <= v8.4.2 debug mode: Remote code execution

Tue 12 January 2021

Ambionics Security team discovered an RCE in Laravel, when the framework is in debug mode.

Read more
Ambionics / Web Exploitation

Remote code execution on Sqreen: exploiting the microagent

Thu 19 November 2020

Ambionics Security team discovered a heap overflow that results in remote code execution on Sqreen's microagent.

Read more