Research

Technical Security, with tools, techniques, and advisories.

We constantly research products and develop new tools, and we publish that work here.

The following issues were discovered by our team:

| Date | Title | Type | Platform | Author |
|---|---|---|---|---|
| 2020-04-29 | School ERP Pro 1.0 - Arbitrary File Read | WebApps | PHP | Besim |
| 2020-04-28 | School ERP Pro 1.0 - Remote Code Execution | WebApps | PHP | Besim |
| 2020-04-28 | School ERP Pro 1.0 - 'es_messagesid' SQL Injection | WebApps | PHP | Besim |
| 2020-04-27 | Maian Support Helpdesk 4.3 - Cross-Site Request Forgery (Add Admin) | WebApps | PHP | Besim |
| 2020-04-27 | Netis E1+ V1.2.32533 - Unauthenticated WiFi Password Leak | WebApps | Hardware | Besim |
| 2020-04-27 | Netis E1+ 1.2.32533 - Backdoor Account (root) | WebApps | Hardware | Besim |
| 2020-04-27 | PHP-Fusion 9.03.50 - 'Edit Profile' Arbitrary File Upload | WebApps | PHP | Besim |
| 2020-04-24 | Edimax EW-7438RPn 1.13 - Remote Code Execution | WebApps | Hardware | Besim |
| 2020-04-24 | EspoCRM 5.8.5 - Privilege Escalation | WebApps | Multiple | Besim |
| 2020-04-22 | Edimax EW-7438RPn - Cross-Site Request Forgery (MAC Filtering) | WebApps | Hardware | Besim |
  • PiDense : Monitor illegal wireless network activities. (Fake Access Points), (WiFi Threats: KARMA Attacks, WiFi Pineapple, Similar SSID, OPN Network Densit
  • PiKarma : Detects wireless network attacks performed by the KARMA module (fake AP). Starts a deauthentication attack (for fake access points)
  • PiSavar : Detects activities of the PineAP module and starts a deauthentication attack (for fake access points - WiFi Pineapple Activities Detection)
  • PiFinger : Searches for WiFi Pineapple traces and calculates a wireless network security score
  • PiUser : Analyzes user behavior against fake access points
  • PiOpen : Analyzes all open wireless networks to detect fake access points (Fingerprint)
  • PiNokyo : If threats like WiFi Pineapple attacks or KARMA attacks are active nearby, users will be informed about these threats. Like a proxy
  • PiDeception : If an attacker has created a fake enterprise wireless network, my goal is to deceive him.