Linux penetration testing

Offensive Security

Code: DAP/22-E01


Start: October 2021

End: October 2022

The goal of the project is to study the different options for injecting a malware on a Linux platform, for making it persistent, performing a privilege escalation, and for establishing a command & control channel with the operator of the malware.

Adv-Bot: Realistic Adversarial Botnet Attacks against Network Intrusion Detection Systems

Publication Offensive Security

Due to the numerous advantages of machine learning (ML) algorithms, many applications now incorporate them. However, many studies in the field of image classification have shown that MLs can be fooled by a variety of adversarial attacks. This raises many questions in the cybersecurity field, where a growing number of researchers are recently investigating the feasibility of such attacks against machine learning-based security systems, such as intrusion detection systems.

SQLMap : additional techniques

Offensive Security Cylab Play

In a previous blog post, we have explained what SQL injection is, and how to exploit it using sqlmap. In this blog post, we will show some additional techniques: how to exploit web applications that use clean URLs, how to exploit a POSTed form, how to hide traces etc.

Web shells and the dangers of unrestricted file upload

Cylab Play Offensive Security

In previous blog posts, we have already illustrated two web application vulnerabilities: brute force login cracking and SQL injection. In this post we illustrate a 3rd vulnerability, unrestricted file upload, and show how it can be exploited using a web shell.

Crack a login page : the easy way

Offensive Security Cylab Play

In this blog post, we will show that a login page from a web application can be easily cracked if the application does not implement specific protections against this kind of attack.

This website uses cookies. More information about the use of cookies is available in the cookies policy.