Technical blog

Optistream technical entries

10th June 2024

SecurEnvoy MFA CVE-2024-37393

#securenvoy #2fa #zerotrust #vulnerability #ldap #injection #activedirectory

Optistream identified critical vulnerabilities within SecurEnvoy MFA 9.4.513, a widely used Zero Trust solution that provides two-factor authentication (2FA) to third-party softwares.
Optistream responsibly disclosed the issues to the vendor and helped at fixing them. We present a detailed workthrough of our study in the attacker point of view.

27th May 2024

RedTeam tales 0x1: Soapy XXE

#xxe #soap #injection #web #vulnerability #redteam

First in our series of redteam tales where we show exploitation of an error-based XXE within a SOAP web service during a client engagement.

4th March 2024

FortiGate firmware analysis

#fortinet #firmware #vulnerability #reverseengineering

While Fortinet products vulnerabilities lastly raised, we shed light on FortiGate internals analysis.
We give tools to help at delving into these vulnerabilities by analyzing firmware to help customers strengthen their security.

PRODUIT

Valeur Produit Différenciation Recette secrète

A PROPOS

Contact Mention légale et protection des données FAQ