Intro At TROOPERS24, we demonstrated how IBM i systems – still widely used in enterprise environments – can be compromised in both authenticated and unauthenticated scenarios, using only built-in services and a basic understanding of the underlying mechanisms. Despite being labeled “legacy,” these systems remain active in finance, logistics, and...
2025-09-04 — 8 minute readThis blogpost describes our journey through discovering CVE-2024-28080, an authentication bypass vulnerability in Gitblit, “an open-source, pure Java stack for managing, viewing, and serving Git repositories”. The vulnerability affects the SSH service and can only be exploited for users that have at least one public key assigned to their account....
2025-08-29 — 13 minute readAs part of our ongoing research of the IBM i platform we monitor news and updates related to the platform. Two weeks ago IBM published a support article about a compatibility issue affecting IBM i Access Client Solutions (ACS) when running on Windows 11 24H2. The “no man’s land” between...
2025-01-21 — 13 minute readIn 2015, we published a blog post about the recruitment challenges we devised for candidates who’d like to join our pentester team. The post got much attention, with supportive comments and criticism as well. Learning from this experience, we created a completely new challenge that we’re retiring today, and we’d...
2025-01-14 — 19 minute readThis is a blog post by Erik Szinai, who worked with us as an intern during the last couple of months. We hope our readers will find his contribution to the Burp Suite ecosystem useful! Burp usually excels in automatically detecting arbitrarily nested structures, encodings and datatypes found in HTTP...
2024-12-06 — 10 minute readThere aren’t too many professions in IT that makes professionals learn so many different technologies as pentesting does: one week you are neck-deep in Windows AD, the other you are trying to make sense of some custom thick client protocol in Wireshark, while you are running some webapp scans in...
2024-10-27 — 13 minute readPreface Have you ever seen privilege escalation in action on IBM i? In this post we show how techniques we already posted about could be used to discover and exploit a previously unknown vulnerability. The IBM Facsimile Support for i was vulnerable to local privilege escalation - the vulnerabilities were...
2023-08-22 — 2 minute readPreface IBM published a security bulletin called IBM i is vulnerable to an attacker executing CL commands due to an exploitation of DDM architecture on 2023.06.30, fixing an unauthenticated remote code execution vulnerability reported by us. This blog post contains the technical details of the discovery and exploitation processes. About...
2023-07-03 — 6 minute read