When you get the chance to take a look at the IT systems of financial institutions, telcos, and other big companies, where availability has been a key business concern for decades, you’ll find, that some critical operations run through some obscure systems, in many cases accessed via nostalgic green-on-black terminals,...
2022-09-05 — 9 minute readLog4Shell, formally known as CVE-2021-44228 seems to be the next big vulnerability that affects a huge number of systems, and the affected component, Log4j gets involved in logging untrusted data by design. This results in lots of vulnerable hosts that are hidden in the sense that naive testing won’t find...
2021-12-12 — 3 minute readIn January Mozilla published a post on their Attack & Defense blog about Effectively Fuzzing the IPC Layer in Firefox. In this post the authors pointed out that testing individual components of complex systems (such as a web browser) in isolation should be extended by full-system testing, for which snapshot...
2021-10-14 — 15 minute readIt’s not a secret that we at Silent Signal are hopeless romantics, especially when it comes to classic Unix systems (1, 2, 3). Since some of these systems – that still run business critical applications at our clients – are based on some “exotic” architectures, we have a nice hardware...
2021-04-06 — 5 minute readThis blog post is dedicated to those to brave souls that dare to roll their own crypto The RSA Textbook of Horrors This story begins with an old project of ours, where we were tasked to verify (among other things) how a business application handles digital signatures of transactions, to...
2021-02-08 — 6 minute readOn a recent engagement our task was to assess the security of a service built on IBM Integration Bus, an integration platform for Java Messaging Services. These scary looking enterprise buzzwords usually hide systems of different complexities connected with Message Queues. Since getting arbitrary test data in and out of...
2020-08-17 — 8 minute readRenewal paper of my GIAC Web Application Penetration Tester certification: Tips and scripts for reconnaissance and scanning
2020-05-20 — 1 minute readSniffing plaintext network traffic between apps and their backend APIs is an important step for pentesters to learn about how they interact. In this blog post, we’ll introduce a method to simplify getting our hands on plaintext messages sent between apps ran on our attacker-controlled devices and the API, and...
2020-05-04 — 7 minute read