Websec Cybersecurity Blog
Expert insights, trends, research findings, and best practices from our security team to help you strengthen your organization's security posture.
Featured Article
Our most important cybersecurity insight
A Comparison Between the Real User ID and the Effective User ID is not Enough to Prevent Privilege Escalation
In Unix-like systems, processes have a real and effective user ID determining their access permissions. While usually identical, they can differ in situations like when the setuid bit is activated in executables.
Backdoors in Zhone GPON 2520 and Alcatel Lucent I240Q
While examining the "dropbear" binary for the Zhone GPON 2520 and Alcatel Lucent I240Q, we found that both routers have backdoors that allow users with SSH access to connect to these devices with maximum privileges.
Drive By ONT Botnet with IRC C&C
Demonstration of a botnet created purely by using embedded devices which are controlled remotely through vulnerabilities exploited from a webpage.
Backdoor In Optical Fiber Device Alcatel-Lucent
The newest optical fiber devices offered by the ISP Infinitum have a backdoor which allow for full administration of these devices. This backdoor account is hidden by nature and does not allow for the password to be changed.