Airbus security lab publications
Airbus security lab was previously known as, in chronological order:
- EADS CCR security lab
- EADS Innovation Works (IW) security lab
- Airbus Group Innovations security lab
Find all our tools on Github: https://github.com/airbus-seclab/.
2022
Vulnerabilities
- BMC Truesight Server Automation (RSCD) local privilege escalation: BMC advisories 1 2 3
- BMC Truesight Server Automation (RSCD) default password for the BladeLogicRSCDDC user: BMC advisories 1 2 3
- Netbackup Primary/Media Server: VTS22-004 (CVE-2022-36984, CVE-2022-36985, CVE-2022-36986, CVE-2022-36987, CVE-2022-36988, CVE-2022-36989, CVE-2022-36990, CVE-2022-36991, CVE-2022-36992, CVE-2022-36993, CVE-2022-36994, CVE-2022-36995, CVE-2022-36996, CVE-2022-36997, CVE-2022-36998, CVE-2022-36999, CVE-2022-37000)
- NetBackup Client: VTS22-008 (CVE-2022-36955, CVE-2022-36956)
- NetBackup OpsCenter: VTS22-009 (CVE-2022-36948, CVE-2022-36949, CVE-2022-36950, CVE-2022-36951, CVE-2022-36952, CVE-2022-36953, CVE-2022-36954, CVE-2022-23457)
2021
Publications
- Attacking Xerox multi function printers by Raphaël Rigo at INFILTRATE: Slides, Video
- GUSTAVE: Fuzz It Like It’s App by Stéphane Duverger and Anaïs Gantet at DMU Cyber Week: Slides
-
HPE iLO 5 security – Go home cryptoprocessor, you’re drunk! by Alexandre Gazet (Airbus), Fabien Perigaud (Synacktiv) and Joffrey Czarny at SSTIC: Slides
, Article 
, Video
-
HPE iLO 5 security – Go home cryptoprocessor, you’re drunk! by Alexandre Gazet (Airbus), Fabien Perigaud (Synacktiv) and Joffrey Czarny at Black Hat USA: Slides
Articles
- A blog post series on QEMU Internals by Stéphane Duverger: Blog
- Getting the maximum of your C compiler, for security: Page
Vulnerabilities
Tools
- GEA1_break: Implementation of the key recovery attack against GEA-1 keys (Eurocrypt 2021)
- BinCAT: v1.2 released
2020
Publications
-
Sécurité des infrastructures basées sur Kubernetes by Xavier Mehrenberger at SSTIC: Slides , Article , Video
-
Android_Emuroot: Outils de rooting d’un émulateur Android Google API PlayStore by Anaïs Gantet and Mouad Abouhali at SSTIC: Slides , Video , GitHub
Vulnerabilities
- Backdoor accounts, password encryption, remote command execution, and SQL injection on Xerox AltaLink printers: Xerox bulletins XRX20G, XRX20I, XRX20R, XRX20X.
- Remote command execution on Xerox Phaser, VersaLink and WorkCentre printers: Xerox bulletin XRX20K.
- Backdoor accounts, remote command execution, password encryption, buffer overflow, and arbitrary file read / delete on Xerox WorkCentre printers: Xerox bulletins XRX20L, XRX20M, XRX20V.
2019
Publications
-
Tendances et contraintes de l’automatisation du fuzzing d’OS embarqué by Stéphane Duverger at GDR Sécurité
-
Breaking Through Another Side: Bypassing Firmware Security Boundaries from Embedded Controller by Alex Matrosov (NVIDIA) and Alexandre Gazet at Black Hat USA: Slides
-
GUSTAVE: Fuzz It Like It’s App by Stéphane Duverger and Anaïs Gantet at SSTIC: Slides
Paper , GitHub, Video -
Riding the lightning: iLO4&5 BMC security wrap-up by Fabien Perigaud (Synacktiv), Alexandre Gazet and Joffrey Czarny (Medallia) at Insomni’hack: Slides
-
Defeating NotPetya from your iLO by Joffrey Czarny (Medallia), Alexandre Gazet, Adrien Guinet (Quarkslab), Fabien Perigaud (Synacktiv): Whitepaper
-
GUSTAVE: Fuzzing OS kernels like simple applications by Stéphane Duverger and Anaïs Gantet at THCon19: Slides
Vulnerabilities
- (CVE not yet assigned): Remote command execution as root in several Xerox printer models, backdoor account: Xerox bulletin XRX19AI, XRX19AP.
-
CVE-2019-10880: Remote command execution vulnerability in several Xerox printer models: Xerox bulletins XRX19C, XRX19E, XRX19G, XRX19I, XRX19J, XRX19K, XRX19L, XRX19M and XRX19Q.
-
CVE-2019-12091: Command execution vulnerability in Netskope client
-
CVE-2019-10882: Memory corruption vulnerability in Netskope client
- CVE-2019-6171: ThinkPad embedded controller update vulnerability, Lenovo Security Advisory LEN-27764
- CVE-2019-19518: Unauthenticated remote command exec and arbitrary file access on CA Autonomic Sysload. Broadcom/CA advisory CA20191210-01
- CVE-2019-18337, CVE-2019-18338, CVE-2019-18339, CVE-2019-18340: Multiple vulnerabilities (auth bypasses, path traversal and obfuscated password storage) in Siemens SiNVR Video Management Solution. Advisory SSA-761617.
2018
Publications
-
Turning your BMC into a revolving door by Fabien Perigaud, Alexandre Gazet and Joffrey Czarny at ZeroNights: Slides
-
Android_Emuroot: Abusing Google Play emulator debugging to RE non-cooperative apps as root by Anaïs Gantet at Blackhoodie18: Slides
, Demo, GitHub -
Backdooring your server through its BMC: the HPE iLO4 case by Fabien Perigaud, Alexandre Gazet and Joffrey Czarny at SSTIC: Slides
, Slides , Paper , GitHub. -
Subverting your server through its BMC: the HPE iLO4 case by Fabien Perigaud, Alexandre Gazet and Joffrey Czarny at RECON (Brussels): Slides
, GitHub.
2017
Publications
-
An analysis of the Warbird virtual-machine protection for the
CI!g_pStoreby Alexandre Gazet: Post, GitHub
-
PowerSAP: PowerShell tool to assess SAP security by Joffrey Czarny at Troopers, Black Hat (USA and Europe), and UniverShell: Slides , GitHub
- BinCAT: purrfecting binary static analysis, by Philippe Biondi, Xavier Mehrenberger, Raphaël Rigo and Sarah Zennou:
- CrashOS by Anaïs Gantet:
-
cpu_rec.py, un outil statistique pour la reconnaissance d’architectures binaires exotiques by Louis Granboulan: -
Blackbox reconstruction of SD card accesses by Xavier Mehrenberger and Raphaël Rigo at BeeRumP: Slides .
Advisories
- Three vulnerabilities in Tofino Xenon Security Appliance - 3.10 and earlier by Julien Lenoir, details:
-
CVE-2017-11400: Incomplete firmware signature -
CVE-2017-11401: DPI ModBus filter bypass -
CVE-2017-11400: Firewall bypass
-
2016
-
Dungeons and Dragons and Security by Tiphaine Romand-Latapie at Black Hat USA and THCon’17: Slides , Paper
-
Gunpack: un outil générique d’unpacking de malwares by Julien Lenoir at SSTIC: Slides , Paper , Code.
-
USB Toolkit by Benoit Camredon at SSTIC: Slides , Paper , GitHub (kernel), GitHub (user).
-
App vs Wild by Stéphane Duverger at SSTIC and THCon’17: Slides , Paper , GitHub (ramooflax).
- Lost your “secure” HDD PIN? We can help! by Julien Lenoir & Raphaël Rigo:
-
Secrets in Soft Token: A security study of HID Global Soft Token by Mouad Abouhali at Hack.lu: Slides
2015
-
Failure is not an option (Keynote) by Philippe Biondi at GreHack: Slides , Video
- A peek under the Blue Coat by Raphaël Rigo at Black Hat Europe and Ruxcon: Slides, video
-
Implementing Your Own Generic Unpacker by Julien Lenoir at HITB: Slides , Video, Code.
-
REbus: a communication bus for security tools interactions by Philippe Biondi, Sarah Zennou, Xavier Mehrenberger at SSTIC, Slides , Paper , Video
-
Active Directory security analysis with BTA tool by Joffrey Czarny and Philippe Biondi:
- Presented at Hack.lu 2015, BlackHat USA Arsenal
-
Slides , Slides , Paper
- Code
-
Reverse Engineering: the case of encrypted hard drives by Joffrey Czarny & Raphaël Rigo at SSTIC and Hardwear.io: Slides , Slides , Paper
- The challenge of designing a secure encrypted hard drive by Raphaël Rigo at SyScan: Slides, Video
2014
- Active Directory security analysis with BTA tool by Joffrey Czarny and Philippe Biondi at SSTIC 2014
Articles
-
Analyse de malware à la rescousse du CSIRT : de la rétro-conception aux IOC by Mouad Abouhali in MISC Magazine HS 10 , Article
-
Contrôler la sécurité des objets de l’Active Directory avec BTA by Joffrey Czarny in MISC Magazine HS 10 , Article
2012
- Protection Against Reverse Engineering by Code Obfuscation by Axel Tillequin at PPREW’1
2011
-
Sécurité du système Android (The security of Android) by Nicolas Ruff at SSTIC: Slides , Paper
-
SSTIC challenge best solution by Axel Tillequin.
- Pre-boot virtualization of a physical appliance with ramooflax by Stéphane Duverger at
2010
-
Audit d’applications .NET complexes - le cas Microsoft OCS 2007 (.NET applications analysis the case of Microsoft OCS 2007) by Nicolas Ruff at SSTIC: Slides , Paper
- SSTIC challenge best solution: French and English by Arnaud Ebalard
2009
- Attacking Wifi networks with traffic injection by Cédric Blancher at SyScan: Slides
-
Pourquoi la sécurité est un échec (et comment y remédier) by Nicolas Ruff at SSTIC: Slides , Paper
2008
-
Dépérimetrisation: futur de la sécurité réseau ou pis aller passager ? by Cédric Blancher at SSTIC: Slides , Paper
2007
- IPv6 routing header security by Philippe Biondi and Arnaud Ebalard at CanSecWest: Slides
- Linux 2.6 kernel exploits by Stéphane Duverger at:
- Analyse statique par interprétation abstraite (static analysis by abstract interpretation) by Charles Hymans and Xavier Allamigeon at SSTIC
- Aircraft Onboard Systems Security by Cédric Blancher at Bellua Cyber Security
-
Autopsie d’une intrusion “tout en mémoire” sous Windows (Autopsy of a Windows in-memory intrusion) by Nicolas Ruff at SSTIC: Slides , Paper
2006
- Scapy and IPv6 Networking by Philippe Biondi and Arnaud Ebalard at HITB: Slides
- Skype research:
-
Playing with ptrace for fun and profit by Nicolas Bareil at SSTIC: Slides , Paper
-
La sécurité dans Mobile IPv6 (Security of mobile IPv6) by Arnaud Ebalard and Guillaume Valadon at SSTIC: Slides , Paper
-
Sécurité des offres ADSL en France by Nicolas Ruff at SSTIC: Slides , Paper
2005
- Attacking WiFi with traffic injection by Cédric Blancher at Ruxcon (Slides), PacSec (Slides), SyScan (Slides), REcon (Slides)
- Scapy: explore the net with new eyes by Philippe Biondi at T2: Slides
- Network packet forgery with Scapy by Philippe Biondi at PacSec: Slides
-
VoIP security by Nicolas Bareil at SSTIC: Slides , Paper
- Shellforge by Philippe Biondi at Libre Software Meeting LSM/RMLL: Slides
-
Utilisation des outils Honeypot pour la détection d’intrusion by Philippe Biondi et Cédric Blancher at EUROSEC: Slides
-
Protocoles réseau : grandeur et décadence by Cédric Blancher, Nicolas Fischbach and Pierre Betouin at SSTIC: Slides , Paper
2004
- About Shellcodes by Philippe Biondi at Syscan: Slides