Our Blog
From Discovery to Disclosure: ReCrystallize Server Vulnerabilities
Reading time:
~11 min
Posted
by Paul van der Haas
on
22 March 2024
TL&DR – While on an assessment, I found an instance of ReCrystallize Server. It had many problems, some of which...
Dress Code – The Talk
Reading time:
~33 min
Posted
by Felipe Molina
on
23 August 2023
TL;DR This post is a summary of the contents of my talk in Defcon 31 AppSec Village last August 2023,...
Decoding BlazorPack
Reading time:
~14 min
Posted
by Rogan Dawes
on
22 February 2023
TL;DR: I couldn’t make a custom BlazorPack editor work in Burp, so I used Mallet instead. From an indecipherable binary...
Adventures into HTTP2 and HTTP3
Reading time:
~21 min
Posted
by Jacques Coertze
on
27 May 2021
A few months ago I was exploring the write-ups and video solutions for the retired HackTheBox machine – Quick. It’s...
Being Stubborn Pays Off pt. 2 – Tale of two 0days on PRTG Network Monitor
Reading time:
~12 min
Posted
by Javier Jimenez
on
22 May 2020
Intro Last year I wrote how to weaponize CVE-2018-19204. This blog post will continue and elaborate on the finding and...
Bypassing access control in BMC Control-D Report Viewer
Reading time:
~5 min
Posted
by Rogan Dawes
on
03 December 2019
BMC makes a number of mainframe-focused applications, one of which is Control-D. Control-D is a “Report Distribution system for distributed...
Being Stubborn Pays Off pt. 1 – CVE-2018-19204
Reading time:
~13 min
Posted
by Javier Jimenez
on
18 April 2019
Intro During an internal assessment, I came across monitoring software that had default credentials configured. This monitoring software allowed for...
Abusing File Converters
Reading time:
~3 min
Posted
by etienne
on
01 October 2015
Every now and then you run into a new file format and you find that you may not have a...
[Another] Intercepting Proxy
Reading time:
~6 min
Posted
by etienne
on
03 September 2015
But, Websockets! The last week I was stuck on a web-app assessment where everything was new-age HTML5, with AngularJS and...
Break the Web at BlackHat Singapore
Reading time:
~2 min
Posted
by sara
on
09 March 2015
Web application security training in 2015? It’s a valid question we get asked sometimes. With the amount of books available...
SensePost Challenge – Winners and Walkthrough
Reading time:
~10 min
Posted
by etienne
on
27 June 2014
We recently ran our Black Hat challenge where the ultimate prize was a seat on one of our training courses...
Associating an identity with HTTP requests – a Burp extension
Reading time:
~8 min
Posted
by Rogan Dawes
on
05 June 2014
This is a tool that I have wanted to build for at least 5 years. Checking my archives, the earliest...
Revisting XXE and abusing protocols
Reading time:
~9 min
Posted
by etienne
on
28 January 2014
Recently a security researcher reported a bug in Facebook that could potentially allow Remote Code Execution (RCE). His writeup of...
Vanilla SQL Injection is oh-so-90’s…wait…is it? (Jackin the K)
Reading time:
~1 min
Posted
by nick
on
08 February 2009
aka.. Someone put the hurtski on Kaspersky.. The Twitters (via XSSniper and others) and the Interwebs were ablaze with news on...
Applescript for HTTP BruteForcing..
Reading time:
~2 min
Posted
by Haroon Meer
on
01 January 2008
A long time ago i blogged on the joys of using VBS to automate bruteforcing [1|2]when one didnt want to...
Rob Auger from OWASP/WASC/CGiSecurity on Timing..
Reading time:
~1 min
Posted
by Haroon Meer
on
11 December 2007
Rob had a rant on his site on the timing attack, with a CSRF twist.. We met him after our...
BotNets not just for SPAM any more
Reading time:
Less than a minute
Posted
by Haroon Meer
on
21 September 2007
The Symantec Security blog has an article titled “Botnets: not just for spamming anymore“. Interestingly we are now starting to...
Re: Jeremiah Grossmans “How to find your websites”
Reading time:
~3 min
Posted
by Haroon Meer
on
05 June 2007
Jeremiah from WhiteHatSec has just written a quick piece on how to find your websites. Now Footprinting is obviously dear...