In our last Assume Breach engagement, the client gave us a domain-joined computer and a VPN access telling it was the only option to access the internal domain. Other computers would be able to access to some resources using specific…
Author: Jean Marsault
Yesterday, the team YoloSw4g from Wavestone's Cybersecurity practice took part in the 2022 Defcamp CTF finals. Defcamp is one of the top cybersecurity conference in Europe and every edition is hosted in Bucharest, Romania. Wavestone had the opportunity to play…
For the third consecutive time, the French city of Toulon hosted the French southernmost hacking event known as Barb'hack. We - two of Wavestone security auditors - have had the opportunity to attend the conference and participate in the Capture-the-Flag (CTF) event…
Overview Spring is a lightweight opensource application framework for Java. It allows for easy development and testing of Java applications. Spring is used to create Java enterprise applications. It provides means to build applications and supports different scenarios.…
Due to the ever-growing use of certificates in modern applications, a large number of Active Directory infrastructures make use of Public Key Infrastructures (PKI) features. These features are provided by Certification Authorities (CA) which are either external to Active Directory…
Issus de la génération ayant connu le minitel, le bas-débit et les écrans cathodiques, l'équipe formant l'association RTFM a grandi avec une passion pour la technologie et les sujets qui s'y rattachent. L'objectif de l'association est de créer un…