The Cybersecurity & Offensive Security Team (COS) of DEEP is made up of 8 passionate consultants.
Their practical and confirmed experience within offensive security field and red team operations with the mix of young talents and very experienced offsec experts allow them to offer the highest level of services for their customers using innovative approaches.
« The cybersecurity is not only our work, but also our passion, a passion that we want to share. Together we hit harder. »
This article is the second part of case study CVE-2022-46527 and will discuss the discovery of the vulnerability and a proof of concept leading to a crash
Published on
26 June 2023
Setting up the environment to scan IoT devices for vulnerabilities: Case of CVE-2022-46527
Published on
14 March 2023
How to exploit the vulnerability in Firefox 56 and 57 to get code execution
Published on
19 September 2022
Find out how to take advantage of the whole underflow vulnerability on Firefox 56 and 57
Published on
04 July 2022
This article is short story telling about one adversary simulation exercise we (POST CyberForce Offensive Security) performed.
Published on
08 March 2022
You might have seen the recent bug in iOS 14.0 to 14.4, that crashed the Wi-Fi service by naming an access point a specific way. Apple tagged this bug as a Denial of Service on the Wi-Fi service, but the Zecops [1] Research Team has shown proofs that it could be exploited, causing an RCE, and more precisely a Zero-Click RCE.
Published on
07 September 2021
As discussed in previous scenario, we prepared several raspberry devices with a 4G modem, allowing us to remotely control the device without requiring being in proximity for operation.
Published on
29 June 2021
Prior any actions, we focused on the payload crafting that will be used with our attack scenarios. We decided to go for PowerShell stageless reverse HTTPS payload that will be delivered using HTA dropper and then executed on the target machine.
Published on
20 April 2021
A Red Team engagement can be shortly described as a real-life targeted attack simulation. As a threat actor, it uses a blended approach through several facets of social engineering, physical intrusion, application/network penetration testing, targeted phishing campaign… simultaneously to reach some pre-defined objectives.
Published on
22 March 2021
Do you have any questions about an article? Do you need help solving your IT issues?
