Ajablog

BGGP4 Writeup: Compiled Python (PYC) Dissection and Forgery across versions

Published on 2023-09-21, by Ajabep
Tags: writeup, BGGP

Writeup of my submissions for the Binary Golf Grand Prix 4 (2023).

Read this article →

The anarchist, French cops and LUKS

Published on 2023-01-28, edited on 2023-01-28, by Ajabep
Tags: analysis, luks

I tried to analyze the madness about LUKS being broken by French cops.

Read this article →

Repair a bike frame — 101

Published on 2022-10-24, edited on 2022-11-04, by Ajabep
Tags: feedback, bike

Is it possible (and fair) to repair a bike frame? How to repair it? What kind of welding doing?

Read this article →

Crypto of a NF&A2P** certified alarm system.

Published on 2022-04-18, by Ajabep
Tags: writeup, vulnerability, crypto

Details of the cryto stuff I've helped to break on a NF&A2P** certified alarm system.

Read this article →

[CVE-2020-10945] Centreon Session ID Exposure

Published on 2020-05-13, by Ajabep
Tags: writeup, vulnerability

Originally posted on the blog of the company where I work; I found a session ID exposure on Centron.

Read this article →

[CVE-2020-10946] Several Cross-Site Scripting (XSS) vulnerabilities in Centreon

Published on 2020-05-13, by Ajabep
Tags: writeup, vulnerability

Originaly posted on the blog of the company where I work; With a collegue, we found several XSS on Centreon.

Read this article →

PHP sessions, public directory and isolation

Published on 2018-11-05, by Ajabep
Tags: writeup, vulnerability

Alwaysdata, a hosting company, recently fixed a vulnerability. Indeed, they stored PHP sessions in a shared directory. This allowed an attacker to know PHP sessions ID, without their content, and in which account it has been used.

Read this article →