SSD Advisory – D-Link DSL-6850U Multiple Vulnerabilities

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom
See our full scope at: https://blogs.securiteam.com/index.php/product_scope

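Vulnerabilities Summary

The following advisory describes two vulnerabilities found in D-Link DSL-6850U BZ_1.00.01 – BZ_1.00.09.

The D-Link DSL-6850U is "a router manufactured by Bezeq in Israel". The vulnerabilities found in this router are:

  • Default credentials
  • Remote command execution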


Know your community – Sergi Alvarez AKA Pancake

The creator of Radare2, vulnerability researcher, chef and a family man – meet Sergi Alvarez also known as Pancake!

SSD Advisory – Livebox Fibra (Orange Router) Multiple Vulnerabilities

Vulnerabilities Summary
The following advisory describes four (4) vulnerabilities found in Livebox Fibra router version AR_LBFIBRA_sp-00.03.04.112S. It is possible to chain the vulnerabilities into remote code execution.

The “Livebox Fibra” router is “manufactured by Arcadyan for Orange and Jazztel in Spain”.

The vulnerabilities found in Arcadyan routers are:

  • Unauthenticated configuration information leak
  • Hard-coded credentials
  • Memory leak
  • Stack buffer overflow

Credit
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
Arcadyan and Orange were informed of the vulnerabilities and patched them.

Happy New Year – 2018

Happy new year everyone!

Hope you had the chance to celebrate and think about all the good things that happened to you in 2017.

We have a nice surprise for you – this link is worth 1,000$ USD !*

*You don’t need to hack the website, the money is out there in the link*

We also have some new updates for you:

beVX Conference

Beyond Security with VX will have the first all offensive security conference in Hong Kong – beVX Conference.

The conference will take place in Hong Kong (we will announce the venue in the next couple of weeks).

What will we have at the conference?

  • One full day of workshop on vulnerability research and exploit development
  • One full day of lectures on vulnerability research and exploit development
  • Hack2Win eXtreme with hundreds of thousands of dollars of prizes

Stay tuned for more details!

Conferences:

  • Offensivecon (Berlin, Germany, 16-17 February 2018)
  • CanSecWest (Vancouver, Canada, 14-16 March 2018)
  • Nopcon (Istanbul, Turkey, 3 May 2018)

We provide free entry tickets and up to 1000$ in flights and accommodation to our security researcher community!

Also, if you plan to attend (even if you don’t need the ticket or reimbursement), let me know so that I can look for you and say hello.

If any of you guys are interested in attending, drop me an email.

We have also started to look for 2018 Q2 conferences. If you know about an interesting conference – email me.

Friend refer a friend program
We had a great 2017 with our friends program and have therefore decided to improve it and make the benefit much bigger. If you refer a new researcher to us and he starts working with us on operating systems / mobile / web browsers, you will get 10,000$ USD.

For other vulnerabilities – you will get 1,000$ USD.

Once again – Happy new year!