Blog posts
Ambionics / Web Exploitation

Remote code execution on Sqreen: exploiting the microagent

Thu 19 November 2020

Ambionics Security team discovered a heap overflow that results in remote code execution on Sqreen's microagent.

Read more
Ambionics / Web Exploitation

Secret fragments: Remote code execution on Symfony based websites

Mon 19 October 2020

Remote code execution using Symfony's _fragment's page and unsecure secret values.

Read more
Malware Analysis

Lockbit analysis

Fri 02 October 2020

This article is a deep dive into the IOCP and encryption process from LockBit in depth.

Read more
Binary Exploitation

Pentesting a banking FTP service

Tue 24 March 2020

This articles intends to bring an exploitation scenario encountered during a common penetration test.

Read more
Malware Analysis

Whitepaper: The Lazarus Constellation - A study on North-Korean malware

Mon 09 March 2020

In this whitepaper, Lexfo analyses Lazarus malwares, from their motives, to their detection and mitigation, through their techniques, tactics, procedures.

Read more
Ambionics / Web Exploitation

Breaking PHP's mt_rand() with 2 values and no bruteforce

Mon 06 January 2020

We demonstrate how one can recover mt_rand()'s seed with only two outputs and without any bruteforce.

Read more