IBM i LIBL Autopwn: Kill the Vulnerability Class

At the end of last year and the beginning of this one, I focused on IBM i library list (LIBL) based privilege escalation vulnerabilities — a subtle but critical class of issues that can quietly undermine the security of both the core operating system and third-party applications. While...

5 minute read

Exploit development for IBM i

At TROOPERS24, we demonstrated how IBM i systems – still widely used in enterprise environments – can be compromised in both authenticated and unauthenticated scenarios, using only built-in services and a basic understanding of the underlying mechanisms. Despite being labeled “legacy,” these systems remain active in finance, logistics, and...

8 minute read

Rage Against the Authentication State Machine

This blogpost describes our journey through discovering CVE-2024-28080, an authentication bypass vulnerability in Gitblit, “an open-source, pure Java stack for managing, viewing, and serving Git repositories”. The vulnerability affects the SSH service and can only be exploited for users that have at least one public key assigned to their account....

13 minute read

Vulnerability Archeology: Stealing Passwords with IBM i Access Client Solutions

As part of our ongoing research on the IBM i platform, we monitor news and updates related to the platform. Two weeks ago IBM published a support article about a compatibility issue affecting IBM i Access Client Solutions (ACS) when running on Windows 11 24H2. The “no man’s land” between...

13 minute read

Story of a Pentester Recruitment 2025

In 2015, we published a blog post about the recruitment challenges we devised for candidates who’d like to join our pentester team. The post got much attention, with supportive comments and criticism as well. Learning from this experience, we created a completely new challenge that we’re retiring today, and we’d...

19 minute read

Handling Arbitrarily Nested Structures with Burp Suite

This is a blog post by Erik Szinai, who worked with us as an intern during the last couple of months. We hope our readers will find his contribution to the Burp Suite ecosystem useful! Burp usually excels in automatically detecting arbitrarily nested structures, encodings and datatypes found in HTTP...

10 minute read

Engineering WCF Hacks

There aren’t too many professions in IT that make professionals learn as many different technologies as pentesting does: one week you are neck-deep in Windows AD, the next you are trying to make sense of some custom thick client protocol in Wireshark, while you are running some webapp scans in...

13 minute read

Technical Details of CVE-2023-30988 - IBM Facsimile Support Privilege Escalation

Have you ever seen privilege escalation in action on IBM i? In this post we show how techniques we already posted about could be used to discover and exploit a previously unknown vulnerability. The IBM Facsimile Support for i was vulnerable to local privilege escalation - the vulnerabilities were...

2 minute read