Mon 19 October 2020
Remote code execution using Symfony's _fragment's page and unsecure secret values.
_fragment
secret
Fri 02 October 2020
This article is a deep dive into the IOCP and encryption process from LockBit in depth.
Tue 24 March 2020
This articles intends to bring an exploitation scenario encountered during a common penetration test.
Mon 09 March 2020
In this whitepaper, Lexfo analyses Lazarus malwares, from their motives, to their detection and mitigation, through their techniques, tactics, procedures.
Mon 06 January 2020
We demonstrate how one can recover mt_rand()'s seed with only two outputs and without any bruteforce.
mt_rand()
Fri 29 March 2019
Several flaws have been identified in the latest version of Magento 2, allowing an attacker to obtain complete control over the server. We're now releasing the exploit for the unauthenticated SQL injection. We'll release the details for the RCE vulnerability at a later time.
Check our offensive & continuous web security assessment service