CyberForce Offensive Security Team

CyberForce Offensive Security Team

The CyberForce & Offensive Security Team (COS) of POST CyberForce is made up of 8 passionate consultants.

Their practical and confirmed experience within offensive security field and red team operations with the mix of young talents and very experienced offsec experts allow them to offer the highest level of services for their customers using innovative approaches.

« The cybersecurity is not only our work, but also our passion, a passion that we want to share. Together we hit harder. »

Articles written by CyberForce Offensive Security Team

Searching for vulnerabilities in IoT devices: Case of CVE-2022-46527 (Part 2)

This article is the second part of case study CVE-2022-46527 and will discuss the discovery of the vulnerability and a proof of concept leading to a crash

Searching for vulnerabilities in IoT devices: Case of CVE-2022-46527 (Part 1)

Setting up the environment to scan IoT devices for vulnerabilities: Case of CVE-2022-46527

Exploiting CVE-2018-5093 on Firefox 56 and 57 – PART2: gaining code execution

How to exploit the vulnerability in Firefox 56 and 57 to get code execution

Read this article

Published on

19 September 2022

Exploiting CVE-2018-5093 on Firefox 56 and 57 – PART1: controlling the instruction pointer

Find out how to take advantage of the whole underflow vulnerability on Firefox 56 and 57

Adversary simulation exercise: when real-life meet business

This article is short story telling about one adversary simulation exercise we (POST CyberForce Offensive Security) performed.

iOS Wi-Fi Demon: From iOS Format String to Zero-Click RCE

You might have seen the recent bug in iOS 14.0 to 14.4, that crashed the Wi-Fi service by naming an access point a specific way. Apple tagged this bug as a Denial of Service on the Wi-Fi service, but the Zecops [1] Research Team has shown proofs that it could be exploited, causing an RCE, and more precisely a Zero-Click RCE.

Read this article

Published on

07 September 2021

Anatomy of a Red-Team exercise - Chapter 3

As discussed in previous scenario, we prepared several raspberry devices with a 4G modem, allowing us to remotely control the device without requiring being in proximity for operation.

Anatomy of a Red-Team exercise - Chapter 2

Prior any actions, we focused on the payload crafting that will be used with our attack scenarios. We decided to go for PowerShell stageless reverse HTTPS payload that will be delivered using HTA dropper and then executed on the target machine.

Anatomy of a Red-Team exercise - Chapter 1

A Red Team engagement can be shortly described as a real-life targeted attack simulation. As a threat actor, it uses a blended approach through several facets of social engineering, physical intrusion, application/network penetration testing, targeted phishing campaign… simultaneously to reach some pre-defined objectives.

Our experts answer your questions

Do you have any questions about an article? Do you need help solving your IT issues?