Blog

We are looking for a new colleague!

News Jobs

We are currently hiring a Researcher in Cyberdefense to work on the project Using blockchain to secure the software supply chain.

Read
Adv-Bot: Realistic Adversarial Botnet Attacks against Network Intrusion Detection Systems

Publication Offensive Security

Due to the numerous advantages of machine learning (ML) algorithms, many applications now incorporate them. However, many studies in the field of image classification have shown that MLs can be fooled by a variety of adversarial attacks. This raises many questions in the cybersecurity field, where a growing number of researchers are recently investigating the feasibility of such attacks against machine learning-based security systems, such as intrusion detection systems.

Read
Cyber Security Challenge : Congrats!!

CSC News

Congratulations to the team Royal Military Hackademy who won the Cyber Security Challenge 2023!

Read
SQLMap : additional techniques

Offensive Security Cylab Play

In a previous blog post, we have explained what SQL injection is, and how to exploit it using sqlmap. In this blog post, we will show some additional techniques: how to exploit web applications that use clean URLs, how to exploit a POSTed form, how to hide traces etc.

Read
Cyber Security Challenge : Qualifiers

CSC News

The qualifiers of the Cyber Security Challenge 2023 took place last week-end. Congratulations to the teams from the Royal Military Academy and the Université Libre de Bruxelles who ranked 1st, 4th and 5th, out of almost 300 participating teams!

Read
Web shells and the dangers of unrestricted file upload

Cylab Play Offensive Security

In previous blog posts, we have already illustrated two web application vulnerabilities: brute force login cracking and SQL injection. In this post we illustrate a 3rd vulnerability, unrestricted file upload, and show how it can be exploited using a web shell.

Read
Crack a login page : the easy way

Offensive Security Cylab Play

In this blog post, we will show that a login page from a web application can be easily cracked if the application does not implement specific protections against this kind of attack.

Read
SQL injection with SQLMap

Offensive Security Cylab Play PHP

Code injection is one of the most critical web application vulnerabilities. Indeed, the consequences of code injection can be dramatic (impact). Moreover, still today a lot of web applications are vulnerable to code injection (frequency). Finally, some tools like SQLMap allow to automatically detect and use these vulnerabilities (exploitation). For this reason, the vulnerability is listed in the top 10 published by the Open Web Application Security Project (OWASP) [1]. In this blog post, we will present one type of code injection, called SQL injection, and we will show how to perform a SQL injection attack with SQLMap.

Read
2022 in numbers

News

Another year has passed, with once again some achievements! Here is 2022@cylab.be...

Read
Filter USB devices with udev (and some PHP code)

Sysadmin PHP

USB devices can be a liability : they can be used to exfiltrate data from a computer or server, to plug a hardware keylogger, or to plant a malware. Hence on a managed computer, USB devices should be filtered and whitelisted. In this blog post we show how this can be achieved thanks to udev, and some PHP code.

Read
Network traffic analysis with Python, Scapy (and some Machine Learning)

Python Monitoring

Scapy is a wonderful Python library that allows to craft packets and send them on a network. In this blog post we show how Scapy can be used to read a pcap file, in order to detect abnormal behavior.

Read
Install and use different versions of PHP

PHP Sysadmin

When working on different projects, you may have to switch between different versions of PHP. In this blog post we show how to install and use different versions PHP on Ubuntu.

Read
This website uses cookies. More information about the use of cookies is available in the cookies policy.
Accept