We are a French company specialized in offensive and defensive computer security. Building on the solid experience of its two founders and its team, HDW Sec uses its expertise to help governments and companies. In order to do this in the best possible way our team offers a set of services that will allow us to answer to your security related challenges.
Our services are modular and tailored to each client. Do not hesitate to contact us for more information.
We audit your network and software in order to help you detect and fix vulnerabilities before they are used to harm you.
We test the security reflexes of your employees by mixing traditional hacking techniques and social engineering (email, phone calls, in-person approach, etc.) .
We help you to manage the security aspect of your projects.
We train and raise awareness of your teams about computer security in all of its aspects (technical et practical).
We develop custom-made software to fit your unique needs and help you explore the technology-based solutions of tomorrow.
We allow you to access tomorrow's vulns today . Put your security to the test by trying unknown attacks on your systems and raise your security by detecting those threats.
The Netskope client service running with NT\SYSTEM privileges accepts network connections from localhost to start various services and execute commands. A vulnerability can be exploited by local users to execute code with NT\SYSTEM privileges on the end machine.
Read More
A global memory corruption vulnerability exists in the upnpd server. A specially-crafted SUBSCRIBE request can lead to a stack buffer overflow. An attacker can send a malicious request to trigger this vulnerability and modify the execution flow to an arbitrary address somewhere in the memory of the upnpd process. This vulnerability can be exploited from the WAN or LAN.
Read More
Pre-auth remote code execution vulnerability found in the NETGEAR Nighthawk r7000p on the WAN interface. Nighthawk R7000P is a popular dual-bank WiFi router advertised with gaming-focused features, smart parental controls, and internal hardware that is sufficiently powerful to accommodate the needs of home power users..
Read More
Recently, some vulnerabilities have been discovered in the "zoom" application, including one allowing code injection, giving malware the possibility of having access to the camera and the microphone. (1) Microsoft Skype (macOS version) suffers from the same type of vulnerability.
Read More
Fuzzing has now become commonplace, especially since the release of AFL. As performance is key, we'd like to optimize our fuzzing methods to maximize the number of bugs found during a given period of time.
Read More
At the beginning of 2015 Udi Yavo [1] found a Windows kernel vulnerability that can be exploited from Windows XP up to Windows 10 (preview). The vulnerability is a kernel use-after-free, which allows getting a non-arbitrary write primitive and then corrupts an adjacent object.
Read More
Last month, FireEye identified a 0-day exploit (now identified as CVE-2014-0322), the code was targeting American military personnel according to the news. This attack was named « Operation Snowman ».
Read More
I was recently looking for an opensource cpp lightweight PDF and XPS viewer to play with and I found MuPDF. Here is how I discovered a remote code execution when a user opens a malicious XPS document.
Read More+33 (0) 970 463 030
contact@hdwsec.fr
Our PGP key
178 Boulevard Haussmann
75008 Paris , FRANCE