Airbus security lab was previously known as, in chronological order:
- EADS CCR security lab
- EADS Innovation Works (IW) security lab
- Airbus Group Innovations security lab
Find all our tools on GitHub: https://github.com/airbus-seclab/.
2023
Publications
- Analyse de sécurité de NetBackup, logiciel de gestion de sauvegardes by Nicolas Devillers, Jean-Romain Garnier, Anaïs Gantet, Mouad Abouhali and Benoît Camredon at SSTIC: Slides, Video
Articles
2022
Publications
- The unavoidable pain of backups: security deep-dive into the internals of NetBackup by Nicolas Devillers, Jean-Romain Garnier, Anaïs Gantet, Mouad Abouhali and Benoît Camredon at Hexacon: Slides (PDF, ODP), Video
Vulnerabilities
- BMC Truesight Server Automation (RSCD) local privilege escalation: BMC advisories 1 2 3
- BMC Truesight Server Automation (RSCD) default password for the BladeLogicRSCDDC user: BMC advisories 1 2 3
- Netbackup Primary/Media Server:
  - VTS22-004 (CVE-2022-36984, CVE-2022-36985, CVE-2022-36987, CVE-2022-36988, CVE-2022-36989, CVE-2022-36990, CVE-2022-36991, CVE-2022-36992, CVE-2022-36993, CVE-2022-36994, CVE-2022-36995, CVE-2022-36996, CVE-2022-36997, CVE-2022-36998, CVE-2022-36999, CVE-2022-37000)
  - VTS22-010 (CVE-2022-42306, CVE-2022-42308)
  - VTS22-011 (CVE-2022-42302, CVE-2022-42303, CVE-2022-42304)
  - VTS22-012 (CVE-2022-42299, CVE-2022-42305, CVE-2022-42307)
  - VTS22-013 (CVE-2022-42300, CVE-2022-42301)
- NetBackup Client:
- NetBackup OpsCenter: VTS22-009 (CVE-2022-36948, CVE-2022-36949, CVE-2022-36950, CVE-2022-36951, CVE-2022-36953, CVE-2022-36954, CVE-2022-23457)
2021
Publications
- Attacking Xerox multi function printers by Raphaël Rigo at INFILTRATE: Slides, Video
- GUSTAVE: Fuzz It Like It’s App by Stéphane Duverger and Anaïs Gantet at DMU Cyber Week: Slides
- HPE iLO 5 security – Go home cryptoprocessor, you’re drunk! by Alexandre Gazet (Airbus), Fabien Perigaud (Synacktiv) and Joffrey Czarny at SSTIC: Slides, Article, Video
- HPE iLO 5 security – Go home cryptoprocessor, you’re drunk! by Alexandre Gazet (Airbus), Fabien Perigaud (Synacktiv) and Joffrey Czarny at Black Hat USA: Slides
Articles
- A blog post series on QEMU Internals by Stéphane Duverger: Blog
- Getting the maximum of your C compiler, for security: Page
Vulnerabilities
- GEA1_break: Implementation of the key recovery attack against GEA-1 keys (Eurocrypt 2021)
- BinCAT: v1.2 released
2020
Publications
- Sécurité des infrastructures basées sur Kubernetes by Xavier Mehrenberger at SSTIC: Slides, Article, Video
- Android_Emuroot: Outils de rooting d’un émulateur Android Google API PlayStore by Anaïs Gantet and Mouad Abouhali at SSTIC: Slides, Video, GitHub
Vulnerabilities
- Backdoor accounts, password encryption, remote command execution, and SQL injection on Xerox AltaLink printers: Xerox bulletins XRX20G, XRX20I, XRX20R, XRX20X.
- Remote command execution on Xerox Phaser, VersaLink and WorkCentre printers: Xerox bulletin XRX20K.
- Backdoor accounts, remote command execution, password encryption, buffer overflow, and arbitrary file read / delete on Xerox WorkCentre printers: Xerox bulletins XRX20L, XRX20M, XRX20V.
2019
Publications
Vulnerabilities
- (CVE not yet assigned): Remote command execution as root in several Xerox printer models, backdoor account: Xerox bulletin XRX19AI, XRX19AP.
- CVE-2019-10880: Remote command execution vulnerability in several Xerox printer models: Xerox bulletins XRX19C, XRX19E, XRX19G, XRX19I, XRX19J, XRX19K, XRX19L, XRX19M and XRX19Q.
- CVE-2019-12091: Command execution vulnerability in Netskope client
- CVE-2019-10882: Memory corruption vulnerability in Netskope client
- CVE-2019-6171: ThinkPad embedded controller update vulnerability, Lenovo Security Advisory LEN-27764
- CVE-2019-19518: Unauthenticated remote command exec and arbitrary file access on CA Autonomic Sysload. Broadcom/CA advisory CA20191210-01
- CVE-2019-18337, CVE-2019-18338, CVE-2019-18339, CVE-2019-18340: Multiple vulnerabilities (auth bypasses, path traversal and obfuscated password storage) in Siemens SiNVR Video Management Solution. Advisory SSA-761617.
2018
Publications
- Turning your BMC into a revolving door by Fabien Perigaud, Alexandre Gazet and Joffrey Czarny at ZeroNights: Slides
- Android_Emuroot: Abusing Google Play emulator debugging to RE non-cooperative apps as root by Anaïs Gantet at Blackhoodie18: Slides, Demo, GitHub
- Backdooring your server through its BMC: the HPE iLO4 case by Fabien Perigaud, Alexandre Gazet and Joffrey Czarny at SSTIC: Slides, Slides, Paper, GitHub.
- Subverting your server through its BMC: the HPE iLO4 case by Fabien Perigaud, Alexandre Gazet and Joffrey Czarny at RECON (Brussels): Slides, GitHub.
- Deep dive into an ICS Firewall by Julien Lenoir, Benoît Camredon at Black Hat USA: Slides
2017
Publications
- An analysis of the Warbird virtual-machine protection for the CI!g_pStore by Alexandre Gazet: Post, GitHub
- PowerSAP: PowerShell tool to assess SAP security by Joffrey Czarny at Troopers, Black Hat (USA and Europe), and UniverShell: Slides, GitHub
- BinCAT: purrfecting binary static analysis, by Philippe Biondi, Xavier Mehrenberger, Raphaël Rigo and Sarah Zennou:
- CrashOS by Anaïs Gantet:
- cpu_rec.py, un outil statistique pour la reconnaissance d’architectures binaires exotiques by Louis Granboulan:
- Blackbox reconstruction of SD card accesses by Xavier Mehrenberger and Raphaël Rigo at BeeRumP: Slides.
Advisories
- Three vulnerabilities in Tofino Xenon Security Appliance - 3.10 and earlier by Julien Lenoir, details:
  - CVE-2017-11400: Incomplete firmware signature
  - CVE-2017-11401: DPI ModBus filter bypass
  - CVE-2017-11400: Firewall bypass
2016
2015
- Failure is not an option (Keynote) by Philippe Biondi at GreHack: Slides, Video
- A peek under the Blue Coat by Raphaël Rigo at Black Hat Europe and Ruxcon: Slides, Video
- Implementing Your Own Generic Unpacker by Julien Lenoir at HITB: Slides, Video, Code.
- REbus: a communication bus for security tools interactions by Philippe Biondi, Sarah Zennou, Xavier Mehrenberger at SSTIC: Slides, Paper, Video
- Active Directory security analysis with BTA tool by Joffrey Czarny and Philippe Biondi:
- Reverse Engineering: the case of encrypted hard drives by Joffrey Czarny & Raphaël Rigo at SSTIC and Hardwear.io: Slides, Slides, Paper
- The challenge of designing a secure encrypted hard drive by Raphaël Rigo at SyScan: Slides, Video
2014
- Active Directory security analysis with BTA tool by Joffrey Czarny and Philippe Biondi at SSTIC 2014
Articles
- Analyse de malware à la rescousse du CSIRT : de la rétro-conception aux IOC by Mouad Abouhali in MISC Magazine HS 10, Article
- Contrôler la sécurité des objets de l’Active Directory avec BTA by Joffrey Czarny in MISC Magazine HS 10, Article
2012
- Protection Against Reverse Engineering by Code Obfuscation by Axel Tillequin at PPREW’1
2011
- Sécurité du système Android (The security of Android) by Nicolas Ruff at SSTIC: Slides, Paper
- SSTIC challenge best solution by Axel Tillequin.
- Pre-boot virtualization of a physical appliance with ramooflax by Stéphane Duverger at
2010
- Audit d’applications .NET complexes - le cas Microsoft OCS 2007 (.NET applications analysis the case of Microsoft OCS 2007) by Nicolas Ruff at SSTIC: Slides, Paper
- SSTIC challenge best solution: French and English by Arnaud Ebalard
2009
- Attacking Wifi networks with traffic injection by Cédric Blancher at SyScan: Slides
- Pourquoi la sécurité est un échec (et comment y remédier) by Nicolas Ruff at SSTIC: Slides, Paper
2008
- Dépérimetrisation: futur de la sécurité réseau ou pis aller passager ? by Cédric Blancher at SSTIC: Slides, Paper
2007
- IPv6 routing header security by Philippe Biondi and Arnaud Ebalard at CanSecWest: Slides
- Linux 2.6 kernel exploits by Stéphane Duverger at:
- Analyse statique par interprétation abstraite (static analysis by abstract interpretation) by Charles Hymans and Xavier Allamigeon at SSTIC
- Aircraft Onboard Systems Security by Cédric Blancher at Bellua Cyber Security
- Autopsie d’une intrusion “tout en mémoire” sous Windows (Autopsy of a Windows in-memory intrusion) by Nicolas Ruff at SSTIC: Slides, Paper
2006
- Scapy and IPv6 Networking by Philippe Biondi and Arnaud Ebalard at HITB: Slides
- Skype research:
- Playing with ptrace for fun and profit by Nicolas Bareil at SSTIC: Slides, Paper
- La sécurité dans Mobile IPv6 (Security of mobile IPv6) by Arnaud Ebalard and Guillaume Valadon at SSTIC: Slides, Paper
- Sécurité des offres ADSL en France by Nicolas Ruff at SSTIC: Slides, Paper
2005
- Attacking WiFi with traffic injection by Cédric Blancher at Ruxcon (Slides), PacSec (Slides), SyScan (Slides), REcon (Slides)
- Scapy: explore the net with new eyes by Philippe Biondi at T2: Slides
- Network packet forgery with Scapy by Philippe Biondi at PacSec: Slides
- VoIP security by Nicolas Bareil at SSTIC: Slides, Paper
- Shellforge by Philippe Biondi at Libre Software Meeting LSM/RMLL: Slides
- Utilisation des outils Honeypot pour la détection d’intrusion by Philippe Biondi and Cédric Blancher at EUROSEC: Slides
- Protocoles réseau : grandeur et décadence by Cédric Blancher, Nicolas Fischbach and Pierre Betouin at SSTIC: Slides, Paper
2004
- About Shellcodes by Philippe Biondi at Syscan: Slides