• Recherche en vulnérabilité informatique.

    Graph

    Alternativ-Testing est une équipe composée de 4 chercheurs en sécurité informatique.

    Toujours à la recherche de nouvelles techniques d'exploitation, notre équipe est très active et s'oriente particulièrement sur les navigateurs et applications web testant jour après jour leur sécurité.

  • Ressources.

    Graph

    Location Bar & SSL Spoofing, Cross Origin Bypass, Remote Code Execution... tant de vulnérabilités reportées par nos chercheurs parmi les softwares les plus utilisé au monde.

    Aujourd'hui Alternativ-testing a réussi à s'imposer dans le milieu de la recherche en sécurité informatique grâce au talent et à la persévérance de ses chercheurs motivés.

  • Collaboration.

    Graph

    Alternativ-Testing est en contact direct avec les consultants, chercheurs et développeurs de multiples entreprises et ainsi contribue chaque jour à la sécurité du web.

    Nos recherches sont publiées sur les plus grands sites de report en vulnérabilité informatique depuis la création de ce groupe.

Dans la presse :

BleepingComputer.com : Google Chrome 57 Released with WebAssembly Support, 36 Security Fixes




(...)
[$1000][642490] Medium CVE-2017-5041:
Address spoofing in Omnibox.
Credit to Jordi Chancel
(...)

EWEEK : Firefox 47 Debuts With 13 Security Advisories





Also of note is an address bar spoofing
flaw (CVE-2016-2822) that Mozilla rates as
having a moderate impact. The flaw could
have potentially enabled an attacker to spoof
the contents of the address bar, tricking a user
into landing on a malicious site.

SCMAGAZINE.COM : Mozilla releases Firefox 42, fixes several vulnerabilities





The seven moderate risk patches
fix items such as Android intents can
be used on Firefox for Android to open privileged
files;(...);Firefox for Android address bar can
be removed after fullscreen mode that could allow
a hacker to change the address.

En.Wikipedia.org : Clickjacking#CursorJacking





Jordi Chancel discovered a
cursorjacking vulnerability using Flash,
HTML and JavaScript code in Mozilla Firefox on
Mac OS X systems (fixed in Firefox 30.0) that
lead to arbitrary code execution
and webcam spying.

EWEEK : Firefox 37 Debuts With Opportunistic Encryption, Security Fixes





Among the vulnerabilities rated
by Mozilla as having moderate impact is an
interesting cursor clickjacking flaw identified as
CVE-2015-0810. "Security researcher Jordi Chancel
reported a mechanism that made [the] cursor
invisible through flash content and then replaced
it through the layering of HTML content,"
Mozilla warned in its advisory...

EWEEK : Firefox 30 Delivers 7 Security Fixes, Other Changes





Finally, Firefox 30.0 provides
a fix for a click-jacking flaw identified
as CVE-2014-1539 that only affects Mac OS X users.
Security researcher Jordi Chancel reported a
mechanism where the cursor can be rendered
invisible after it has been used on an embedded
flash object when used outside of the object,
Mozilla warned in its advisory...

EWEEK : Mozilla Firefox 27 Delivers Better Security, Performance





Security researcher Jordi Chancel
reported that the dialog for saving downloaded
files did not implement a security timeout before button
selections were processed," Mozilla warned in
its advisory. "This could be used in concert with
spoofing to convince users to select a different
option than intended, causing downloaded
files to be potentially opened ...

TechWeekEurope : Mozilla Adds Web Audio Capabilities And Security Updates To Firefox 25





Mozilla is also providing a fix for a
spoofing security flaw that is rated as
having moderate severity. “Security researcher
Jordi Chancel discovered a method to put
arbitrary HTML content within select elements
and place it in arbitrary locations,” Mozilla warns
in its advisory. “This can be used to spoof
the displayed address bar...

The Hacker News : Google & Mozilla Patches Browsers Before Pwn2Own Hacker Contest !





The major flaw that was updated by
Firefox consists of a bug that if activated by a
corrupted JPEG file could lead to a crash. The bug
was detected by Jordi Chancel, a security
researcher at the company. Mozilla warned that the
bug is of critical nature and an attacker can use it
to craft a corrupted JPEG image that would
install a malicious code in the memory...

Softpedia News : Opera Hit by Critical 0-Day Vulnerability.





The flaw was discovered by French
security researcher Jordi Chancel who disclosed it
on his blog on January 7 and described it as an integer
truncation error. Mr. Chancel noted at the time that
even though the crashes are easy to replicate,
the address of the memory violation is unpredictable,
making exploitation a lot more complicated.
However, on Friday, French ...

ComputerWorld : Google patches Chrome for second time this month.





Researchers credited with reporting
two of the flaws were awarded bonuses as part of
Google's bug bounty program, which kicked off in
January. Most flaws earn their finders $500,
but researcher Jordi Chancel was handed $1,000
for the cross-origin bypass vulnerability he found
in Chrome's handling of Google URL, a code
library used to parse large ...

Zataz : Redirection non sécurisée pour Facebook.





Il se nomme 599eme Man, un internaute
français qui a découvert, il y a trois mois, une
faille de type XSS URL String Evasion sur le portail
communautaire internationale Facebook. Contactée,
l'équipe de Facebook avait rapidement corrigée la
vulnérabilité. Seulement, la correction a engendré
une nouvelle possibilité pirate. Contactés de
nouveau, il y a 1 mois, les ...

Zataz : Twitter, Facebook et la confidentialité... des failles corrigées.





Mi-octobre 2009, le pseudo 599eme Man,
membre du groupe Alternativ Testing, publiait le
billet "Facebook URL String Evasion Doublé" sur une
technique d'injection de code HTML par le biais
d'une variable mal filtrée sur une application. La
vulnérabilité jugée critique a été corrigée bien que
partiellement comme le souligne certaines
personnes par le biais du blog de...

 


De plus!

Nos chercheurs sont en contact direct avec les plateformes dédiées au report de vulnérabilité en ligne et peuvent vous aider dans vos démarches.

Prendre contact avec nous? Veuillez vous rendre dans la partie "contact us".

image