Tags in Silent Signal Techblog

.net

Engineering WCF Hacks | 27 Oct 2024

0day

Self-defenseless - Exploring Kaspersky’s local attack surface | 24 Jun 2019
Bare Knuckled Antivirus Breaking | 08 Jan 2018
Notes on McAfee Security Scan Plus RCE (CVE-2017-3897) | 14 Aug 2017
AIX for Penetration Testers | 09 Jan 2015
HP-UX 0day local privilege escalation | 25 Jun 2014
How did I find the Apple Remote Desktop bug? - CVE-2013-5135 | 13 Jan 2014

31c3

Code Review on the Cheap | 06 Jan 2015

3com

SNMP trap? | 14 Mar 2014

3g

Banging 3G rocks | 23 Jan 2014

AS/400

Another Tale of IBM i (AS/400) Hacking | 28 Sep 2022

AS400

Technical Details of CVE-2023-30988 - IBM Facsimile Support Privilege Escalation | 22 Aug 2023
Technical Details of CVE-2023-30990 - Unauthenticated RCE in IBM i DDM Service | 03 Jul 2023
Booby Trapping IBM i | 30 Mar 2023
Abusing Adopted Authority on IBM i | 20 Jan 2023
Simple IBM i (AS/400) hacking | 05 Sep 2022

CVE-2013-5135

How did I find the Apple Remote Desktop bug? - CVE-2013-5135 | 13 Jan 2014

CVE-2014-3440

CVE-2014-3440 - Symantec Critical System Protection Remote Code Execution | 07 May 2015

CVE-2019-6976

Drop-by-Drop: Bleeding through libvips | 18 Apr 2019

DoS

You’re not looking at the big picture | 10 Feb 2016

FeOS

How to get root access on FireEye OS | 28 Jul 2014

FireEye

How to get root access on FireEye OS | 28 Jul 2014

IBM i

Technical Details of CVE-2023-30988 - IBM Facsimile Support Privilege Escalation | 22 Aug 2023
Technical Details of CVE-2023-30990 - Unauthenticated RCE in IBM i DDM Service | 03 Jul 2023
Booby Trapping IBM i | 30 Mar 2023
Abusing Adopted Authority on IBM i | 20 Jan 2023
Another Tale of IBM i (AS/400) Hacking | 28 Sep 2022
Simple IBM i (AS/400) hacking | 05 Sep 2022

ImageTragick

Detecting ImageTragick with Burp Suite Pro | 13 May 2016

OpenVMS

The story of a pentester recruitment | 03 Apr 2015

Oracle

Fools of Golden Gate | 08 May 2017
Beyond detection: exploiting blind SQL injections with Burp Collaborator | 03 Jan 2017
Testing Oracle Forms | 27 May 2015
The story of a pentester recruitment | 03 Apr 2015

adobe

Notes on McAfee Security Scan Plus RCE (CVE-2017-3897) | 14 Aug 2017

aix

Adding XCOFF Support to Ghidra with Kaitai Struct | 06 Apr 2021
AIX for Penetration Testers | 09 Jan 2015

android

Decrypting and analyzing HTTPS traffic without MITM | 04 May 2020
Patching Android apps: what could possibly go wrong | 21 Oct 2019
Accessing local variables in ProGuarded Android apps | 16 Jun 2016
Quick and dirty Android binary XML edits | 04 Apr 2014

antivirus

Bare Knuckled Antivirus Breaking | 08 Jan 2018
Conditional DDE | 05 Dec 2017
Notes on McAfee Security Scan Plus RCE (CVE-2017-3897) | 14 Aug 2017
An update on MD5 poisoning | 28 Nov 2016
Virtual Bank Robbery - In Real Life | 19 Jun 2015
Trend Micro OfficeScan - A chain of bugs | 06 Jun 2014

anyconnect

Evading Cisco AnyConnect blocking LAN connections | 02 Jul 2019

apache commons

Our new scanner for Text4Shell | 18 Oct 2022

api

Decrypting and analyzing HTTPS traffic without MITM | 04 May 2020
Wide open banking: PSD2 and us | 27 Jan 2020
iOS HTTP cache analysis for abusing APIs and forensics | 06 May 2016
Testing Oracle Forms | 27 May 2015

apktool

Patching Android apps: what could possibly go wrong | 21 Oct 2019

apple

iOS HTTP cache analysis for abusing APIs and forensics | 06 May 2016
How did I find the Apple Remote Desktop bug? - CVE-2013-5135 | 13 Jan 2014

apple remote desktop

How did I find the Apple Remote Desktop bug? - CVE-2013-5135 | 13 Jan 2014

as400pwn

Abusing Adopted Authority on IBM i | 20 Jan 2023
Another Tale of IBM i (AS/400) Hacking | 28 Sep 2022

asa

Bake your own EXTRABACON | 25 Aug 2016

asn1

Abusing JWT public keys without the public key | 08 Feb 2021

asp.net

Testing websites using ASP.NET Forms Authentication with Burp Suite | 20 Feb 2014

authentication

Wide open banking: PSD2 and us | 27 Jan 2020

avgater

Bare Knuckled Antivirus Breaking | 08 Jan 2018

backup_exec

From Read to Domain Admin - Abusing Symantec Backup Exec with Frida | 27 Feb 2014

binary_instrumentation

From Read to Domain Admin - Abusing Symantec Backup Exec with Frida | 27 Feb 2014

binary_ninja

Emulating custom crytography with ripr | 21 Dec 2017

bitdefender

Bare Knuckled Antivirus Breaking | 08 Jan 2018

blind sql injection

Finding the salt with SQL inception | 17 Sep 2015
Duncan - Expensive injections | 10 Jan 2014

bug hunting

Trend Micro OfficeScan - A chain of bugs | 06 Jun 2014
Plesk panel decryption | 17 Dec 2013

bugbounty

Tips and scripts for reconnaissance and scanning | 20 May 2020

burp

Handling Arbitrarily Nested Structures with Burp Suite | 06 Dec 2024
Snow cannon vs. unique snowflakes — testing registration forms | 02 Feb 2018
Not so unique snowflakes | 17 Feb 2017
Beyond detection: exploiting blind SQL injections with Burp Collaborator | 03 Jan 2017
Testing websites using ASP.NET Forms Authentication with Burp Suite | 20 Feb 2014

burp extension

Handling Arbitrarily Nested Structures with Burp Suite | 06 Dec 2024

burp suite

Our new scanner for Text4Shell | 18 Oct 2022
Our new tool for enumerating hidden Log4Shell-affected hosts | 12 Dec 2021
Decrypting and analyzing HTTPS traffic without MITM | 04 May 2020
Unix-style approach to web application testing | 27 Mar 2020
Snow cannon vs. unique snowflakes — testing registration forms | 02 Feb 2018
Not so unique snowflakes | 17 Feb 2017
Beyond detection: exploiting blind SQL injections with Burp Collaborator | 03 Jan 2017
Detecting ImageTragick with Burp Suite Pro | 13 May 2016
iOS HTTP cache analysis for abusing APIs and forensics | 06 May 2016
You’re not looking at the big picture | 10 Feb 2016
Testing stateful web application workflows | 15 Jan 2016

bypass

Evading Cisco AnyConnect blocking LAN connections | 02 Jul 2019
The curious case of encrypted URL parameters | 22 May 2018
Conditional DDE | 05 Dec 2017
An update on MD5 poisoning | 28 Nov 2016
Sanitizing input with regex considered harmful | 07 Mar 2014
WAF bypass made easy | 06 Jan 2014

cache

iOS HTTP cache analysis for abusing APIs and forensics | 06 May 2016

canary

Booby Trapping IBM i | 30 Mar 2023

challenge

The story of a pentester recruitment | 03 Apr 2015

cisco

Evading Cisco AnyConnect blocking LAN connections | 02 Jul 2019
Bake your own EXTRABACON | 25 Aug 2016
ISAKMP hacking - How much should we trust our tools? | 17 Apr 2014

code review

Code Review on the Cheap | 06 Jan 2015

codeql

Unexpected Deserialization pt.1 - JMS | 17 Aug 2020

collision

Poisonous MD5 - Wolves Among the Sheep | 10 Jun 2015

command execution

Detecting ImageTragick with Burp Suite Pro | 13 May 2016
How to get root access on FireEye OS | 28 Jul 2014
Compressed file upload and command execution | 31 Jan 2014

commix

Testing stateful web application workflows | 15 Jan 2016

conference

Self-defenseless - Exploring Kaspersky’s local attack surface | 24 Jun 2019
Testing websites using ASP.NET Forms Authentication with Burp Suite | 20 Feb 2014

crotch

Code Review on the Cheap | 06 Jan 2015

crypto

Abusing JWT public keys without the public key | 08 Feb 2021

cryptography

Abusing JWT public keys without the public key | 08 Feb 2021
The curious case of encrypted URL parameters | 22 May 2018
Poisonous MD5 - Wolves Among the Sheep | 10 Jun 2015

dde

Conditional DDE | 05 Dec 2017

deception

Booby Trapping IBM i | 30 Mar 2023

decryption

Decrypting and analyzing HTTPS traffic without MITM | 04 May 2020
The curious case of encrypted URL parameters | 22 May 2018
Plesk panel decryption | 17 Dec 2013

deserialization

Unexpected Deserialization pt.1 - JMS | 17 Aug 2020

duncan

Finding the salt with SQL inception | 17 Sep 2015
Duncan - Expensive injections | 10 Jan 2014

emulator

Patching Android apps: what could possibly go wrong | 21 Oct 2019
Quick and dirty Android binary XML edits | 04 Apr 2014

equationgroup

Bake your own EXTRABACON | 25 Aug 2016

erlang

Proxying nonstandard HTTPS traffic | 02 Oct 2015

error messages

Virtual Bank Robbery - In Real Life | 19 Jun 2015

euskalhack

Self-defenseless - Exploring Kaspersky’s local attack surface | 24 Jun 2019

evasion

Conditional DDE | 05 Dec 2017
An update on MD5 poisoning | 28 Nov 2016

exploit

Technical Details of CVE-2023-30988 - IBM Facsimile Support Privilege Escalation | 22 Aug 2023
Technical Details of CVE-2023-30990 - Unauthenticated RCE in IBM i DDM Service | 03 Jul 2023
Bare Knuckled Antivirus Breaking | 08 Jan 2018
Notes on McAfee Security Scan Plus RCE (CVE-2017-3897) | 14 Aug 2017
Fools of Golden Gate | 08 May 2017
Bake your own EXTRABACON | 25 Aug 2016
CVE-2014-3440 - Symantec Critical System Protection Remote Code Execution | 07 May 2015
WebLogic undocumented hacking | 03 Oct 2014
Trend Micro OfficeScan - A chain of bugs | 06 Jun 2014
Plesk panel decryption | 17 Dec 2013

extrabacon

Bake your own EXTRABACON | 25 Aug 2016

fail

Fuzzy Snapshots of Firefox IPC | 14 Oct 2021

file upload

Drop-by-Drop: Bleeding through libvips | 18 Apr 2019
Virtual Bank Robbery - In Real Life | 19 Jun 2015
WebLogic undocumented hacking | 03 Oct 2014
Compressed file upload and command execution | 31 Jan 2014

firefox

Fuzzy Snapshots of Firefox IPC | 14 Oct 2021

firewall

Evading Cisco AnyConnect blocking LAN connections | 02 Jul 2019

flamebait

OWASP Top 10 is overrated | 31 Mar 2014

forensics

iOS HTTP cache analysis for abusing APIs and forensics | 06 May 2016

format string attack

How did I find the Apple Remote Desktop bug? - CVE-2013-5135 | 13 Jan 2014

framework

Tips and scripts for reconnaissance and scanning | 20 May 2020

frida

From Read to Domain Admin - Abusing Symantec Backup Exec with Frida | 27 Feb 2014

frida.re

From Read to Domain Admin - Abusing Symantec Backup Exec with Frida | 27 Feb 2014

fuzzer

How did I find the Apple Remote Desktop bug? - CVE-2013-5135 | 13 Jan 2014

fuzzing

Fuzzy Snapshots of Firefox IPC | 14 Oct 2021

ghidra

Adding XCOFF Support to Ghidra with Kaitai Struct | 06 Apr 2021

giac

Tips and scripts for reconnaissance and scanning | 20 May 2020

gold paper

Tips and scripts for reconnaissance and scanning | 20 May 2020
Uninitialized Memory Disclosures in Web Applications | 20 Apr 2020
Unix-style approach to web application testing | 27 Mar 2020
Testing stateful web application workflows | 15 Jan 2016
Testing Oracle Forms | 27 May 2015
AIX for Penetration Testers | 09 Jan 2015

golden gate

Fools of Golden Gate | 08 May 2017

gwapt

Tips and scripts for reconnaissance and scanning | 20 May 2020
Uninitialized Memory Disclosures in Web Applications | 20 Apr 2020
Unix-style approach to web application testing | 27 Mar 2020
Testing stateful web application workflows | 15 Jan 2016
Testing Oracle Forms | 27 May 2015

hack

ISAKMP hacking - How much should we trust our tools? | 17 Apr 2014

hacking

AIX for Penetration Testers | 09 Jan 2015
WebLogic undocumented hacking | 03 Oct 2014
How to get root access on FireEye OS | 28 Jul 2014
HP-UX 0day local privilege escalation | 25 Jun 2014
JDB tricks to hack Java Debug Wire | 09 Feb 2014

harnessing

Fuzzy Snapshots of Firefox IPC | 14 Oct 2021

hash

Poisonous MD5 - Wolves Among the Sheep | 10 Jun 2015

hexa editor

Compressed file upload and command execution | 31 Jan 2014

hp

SNMP trap? | 14 Mar 2014

hpux

HP-UX 0day local privilege escalation | 25 Jun 2014

hr

The story of a pentester recruitment | 03 Apr 2015

html

Sanitizing input with regex considered harmful | 07 Mar 2014

ibm

Unexpected Deserialization pt.1 - JMS | 17 Aug 2020

ids

Fools of Golden Gate | 08 May 2017

ike-scan

ISAKMP hacking - How much should we trust our tools? | 17 Apr 2014

info leak

Virtual Bank Robbery - In Real Life | 19 Jun 2015

internet bank

Virtual Bank Robbery - In Real Life | 19 Jun 2015

ios

iOS HTTP cache analysis for abusing APIs and forensics | 06 May 2016

ipc

Fuzzy Snapshots of Firefox IPC | 14 Oct 2021

ips

Fools of Golden Gate | 08 May 2017

ipt

Fuzzy Snapshots of Firefox IPC | 14 Oct 2021

isakmp

ISAKMP hacking - How much should we trust our tools? | 17 Apr 2014

java

Our new scanner for Text4Shell | 18 Oct 2022
Our new tool for enumerating hidden Log4Shell-affected hosts | 12 Dec 2021
Unexpected Deserialization pt.1 - JMS | 17 Aug 2020
Patching Android apps: what could possibly go wrong | 21 Oct 2019
Testing websites using ASP.NET Forms Authentication with Burp Suite | 20 Feb 2014
JDB tricks to hack Java Debug Wire | 09 Feb 2014

jdb

Patching Android apps: what could possibly go wrong | 21 Oct 2019
Accessing local variables in ProGuarded Android apps | 16 Jun 2016
JDB tricks to hack Java Debug Wire | 09 Feb 2014

jdwp

Accessing local variables in ProGuarded Android apps | 16 Jun 2016
JDB tricks to hack Java Debug Wire | 09 Feb 2014

jms

Unexpected Deserialization pt.1 - JMS | 17 Aug 2020

joern

Code Review on the Cheap | 06 Jan 2015

jose

Abusing JWT public keys without the public key | 08 Feb 2021

jws

Abusing JWT public keys without the public key | 08 Feb 2021

jwt

Abusing JWT public keys without the public key | 08 Feb 2021
Wide open banking: PSD2 and us | 27 Jan 2020

kaitai

Engineering WCF Hacks | 27 Oct 2024
Adding XCOFF Support to Ghidra with Kaitai Struct | 06 Apr 2021

kaitaistruct

Engineering WCF Hacks | 27 Oct 2024

kaspersky

Self-defenseless - Exploring Kaspersky’s local attack surface | 24 Jun 2019
Bare Knuckled Antivirus Breaking | 08 Jan 2018

kfx

Fuzzy Snapshots of Firefox IPC | 14 Oct 2021

kotlin

Our new scanner for Text4Shell | 18 Oct 2022
Our new tool for enumerating hidden Log4Shell-affected hosts | 12 Dec 2021
Patching Android apps: what could possibly go wrong | 21 Oct 2019

libvips

Drop-by-Drop: Bleeding through libvips | 18 Apr 2019

local

HP-UX 0day local privilege escalation | 25 Jun 2014

log4j

Our new tool for enumerating hidden Log4Shell-affected hosts | 12 Dec 2021

log4shell

Our new tool for enumerating hidden Log4Shell-affected hosts | 12 Dec 2021

malware

Conditional DDE | 05 Dec 2017
Poisonous MD5 - Wolves Among the Sheep | 10 Jun 2015

mcafee

Notes on McAfee Security Scan Plus RCE (CVE-2017-3897) | 14 Aug 2017

md5

An update on MD5 poisoning | 28 Nov 2016
Poisonous MD5 - Wolves Among the Sheep | 10 Jun 2015

memory disclosure

Uninitialized Memory Disclosures in Web Applications | 20 Apr 2020

memory leak

Uninitialized Memory Disclosures in Web Applications | 20 Apr 2020
Drop-by-Drop: Bleeding through libvips | 18 Apr 2019

memory safety

Uninitialized Memory Disclosures in Web Applications | 20 Apr 2020

methodology

OWASP Top 10 is overrated | 31 Mar 2014

mitm

Notes on McAfee Security Scan Plus RCE (CVE-2017-3897) | 14 Aug 2017

mitmproxy

Testing stateful web application workflows | 15 Jan 2016

modem

Banging 3G rocks | 23 Jan 2014

montoya api

Handling Arbitrarily Nested Structures with Burp Suite | 06 Dec 2024

mq

Unexpected Deserialization pt.1 - JMS | 17 Aug 2020

nbfs

Engineering WCF Hacks | 27 Oct 2024

nbfx

Engineering WCF Hacks | 27 Oct 2024

net.tcp

Engineering WCF Hacks | 27 Oct 2024

nettcp

Engineering WCF Hacks | 27 Oct 2024

nmf

Engineering WCF Hacks | 27 Oct 2024

nsa

Bake your own EXTRABACON | 25 Aug 2016

objection

Patching Android apps: what could possibly go wrong | 21 Oct 2019

ocular

Unexpected Deserialization pt.1 - JMS | 17 Aug 2020

officescan

Trend Micro OfficeScan - A chain of bugs | 06 Jun 2014

oracle forms

Testing Oracle Forms | 27 May 2015

osce

Trend Micro OfficeScan - A chain of bugs | 06 Jun 2014

owasp

The story of a pentester recruitment | 03 Apr 2015
OWASP Top 10 is overrated | 31 Mar 2014

panda

An update on MD5 poisoning | 28 Nov 2016

parallels

Plesk panel decryption | 17 Dec 2013

passwords

Finding the salt with SQL inception | 17 Sep 2015

penetration test

Testing websites using ASP.NET Forms Authentication with Burp Suite | 20 Feb 2014

penetration testing

The story of a pentester recruitment | 03 Apr 2015
AIX for Penetration Testers | 09 Jan 2015

pentest

Abusing Adopted Authority on IBM i | 20 Jan 2023
Another Tale of IBM i (AS/400) Hacking | 28 Sep 2022
Simple IBM i (AS/400) hacking | 05 Sep 2022
Wide open banking: PSD2 and us | 27 Jan 2020
You’re not looking at the big picture | 10 Feb 2016
Proxying nonstandard HTTPS traffic | 02 Oct 2015
Virtual Bank Robbery - In Real Life | 19 Jun 2015
The story of a pentester recruitment | 03 Apr 2015
JDB tricks to hack Java Debug Wire | 09 Feb 2014

plesk

Plesk panel decryption | 17 Dec 2013

plugin

Testing websites using ASP.NET Forms Authentication with Burp Suite | 20 Feb 2014

privesc

Technical Details of CVE-2023-30988 - IBM Facsimile Support Privilege Escalation | 22 Aug 2023
Booby Trapping IBM i | 30 Mar 2023
Abusing Adopted Authority on IBM i | 20 Jan 2023
Another Tale of IBM i (AS/400) Hacking | 28 Sep 2022
Simple IBM i (AS/400) hacking | 05 Sep 2022
Self-defenseless - Exploring Kaspersky’s local attack surface | 24 Jun 2019
HP-UX 0day local privilege escalation | 25 Jun 2014

privilege escalation

Self-defenseless - Exploring Kaspersky’s local attack surface | 24 Jun 2019
Bare Knuckled Antivirus Breaking | 08 Jan 2018

projects

Wide open banking: PSD2 and us | 27 Jan 2020
Proxying nonstandard HTTPS traffic | 02 Oct 2015
Testing websites using ASP.NET Forms Authentication with Burp Suite | 20 Feb 2014

proxy

Proxying nonstandard HTTPS traffic | 02 Oct 2015

psk

ISAKMP hacking - How much should we trust our tools? | 17 Apr 2014

pyjwt

Abusing JWT public keys without the public key | 08 Feb 2021

race condition

Virtual Bank Robbery - In Real Life | 19 Jun 2015

rce

Notes on McAfee Security Scan Plus RCE (CVE-2017-3897) | 14 Aug 2017
CVE-2014-3440 - Symantec Critical System Protection Remote Code Execution | 07 May 2015

reconnaissance

Tips and scripts for reconnaissance and scanning | 20 May 2020

recruit

The story of a pentester recruitment | 03 Apr 2015

recruitment

The story of a pentester recruitment | 03 Apr 2015

regex

Sanitizing input with regex considered harmful | 07 Mar 2014

report

The story of a pentester recruitment | 03 Apr 2015

reputation

Poisonous MD5 - Wolves Among the Sheep | 10 Jun 2015

reverse_engineering

Adding XCOFF Support to Ghidra with Kaitai Struct | 06 Apr 2021
Decrypting and analyzing HTTPS traffic without MITM | 04 May 2020
Patching Android apps: what could possibly go wrong | 21 Oct 2019
Emulating custom crytography with ripr | 21 Dec 2017
Accessing local variables in ProGuarded Android apps | 16 Jun 2016
Trend Micro OfficeScan - A chain of bugs | 06 Jun 2014
Quick and dirty Android binary XML edits | 04 Apr 2014
From Read to Domain Admin - Abusing Symantec Backup Exec with Frida | 27 Feb 2014

ripr

Emulating custom crytography with ripr | 21 Dec 2017

root access

How to get root access on FireEye OS | 28 Jul 2014

sandbox

Conditional DDE | 05 Dec 2017

sans

Tips and scripts for reconnaissance and scanning | 20 May 2020
Testing Oracle Forms | 27 May 2015

scanner

Fools of Golden Gate | 08 May 2017

scanning

Tips and scripts for reconnaissance and scanning | 20 May 2020

scsp

CVE-2014-3440 - Symantec Critical System Protection Remote Code Execution | 07 May 2015

shadowbrokers

Bake your own EXTRABACON | 25 Aug 2016

silentsignal

The story of a pentester recruitment | 03 Apr 2015

smali

Accessing local variables in ProGuarded Android apps | 16 Jun 2016

snmp

SNMP trap? | 14 Mar 2014

soap

Wide open banking: PSD2 and us | 27 Jan 2020

social_engineering

Our take on social engineering | 04 Apr 2019
Banging 3G rocks | 23 Jan 2014

spring

Unexpected Deserialization pt.1 - JMS | 17 Aug 2020

sql inecption

Finding the salt with SQL inception | 17 Sep 2015

sql injection

Beyond detection: exploiting blind SQL injections with Burp Collaborator | 03 Jan 2017
Finding the salt with SQL inception | 17 Sep 2015

sql_injection

Duncan - Expensive injections | 10 Jan 2014

sqli

Beyond detection: exploiting blind SQL injections with Burp Collaborator | 03 Jan 2017
Duncan - Expensive injections | 10 Jan 2014

ssl

Evading Cisco AnyConnect blocking LAN connections | 02 Jul 2019
Proxying nonstandard HTTPS traffic | 02 Oct 2015

static analysis

Unexpected Deserialization pt.1 - JMS | 17 Aug 2020

switch

SNMP trap? | 14 Mar 2014

symantec

Bare Knuckled Antivirus Breaking | 08 Jan 2018
CVE-2014-3440 - Symantec Critical System Protection Remote Code Execution | 07 May 2015
From Read to Domain Admin - Abusing Symantec Backup Exec with Frida | 27 Feb 2014

text4shell

Our new scanner for Text4Shell | 18 Oct 2022

threat intelligence

Poisonous MD5 - Wolves Among the Sheep | 10 Jun 2015

tool

Our new scanner for Text4Shell | 18 Oct 2022
Our new tool for enumerating hidden Log4Shell-affected hosts | 12 Dec 2021
Decrypting and analyzing HTTPS traffic without MITM | 04 May 2020
Uninitialized Memory Disclosures in Web Applications | 20 Apr 2020
Unix-style approach to web application testing | 27 Mar 2020
Patching Android apps: what could possibly go wrong | 21 Oct 2019
Snow cannon vs. unique snowflakes — testing registration forms | 02 Feb 2018
Not so unique snowflakes | 17 Feb 2017
Beyond detection: exploiting blind SQL injections with Burp Collaborator | 03 Jan 2017
Accessing local variables in ProGuarded Android apps | 16 Jun 2016
Detecting ImageTragick with Burp Suite Pro | 13 May 2016
iOS HTTP cache analysis for abusing APIs and forensics | 06 May 2016
Proxying nonstandard HTTPS traffic | 02 Oct 2015
Testing websites using ASP.NET Forms Authentication with Burp Suite | 20 Feb 2014
Duncan - Expensive injections | 10 Jan 2014

tools

Tips and scripts for reconnaissance and scanning | 20 May 2020

top10

OWASP Top 10 is overrated | 31 Mar 2014

trend_micro

Bare Knuckled Antivirus Breaking | 08 Jan 2018
Trend Micro OfficeScan - A chain of bugs | 06 Jun 2014

trojan

Banging 3G rocks | 23 Jan 2014

undocumented

WebLogic undocumented hacking | 03 Oct 2014

unicorn_engine

Emulating custom crytography with ripr | 21 Dec 2017

uuid

Not so unique snowflakes | 17 Feb 2017

vpn

Evading Cisco AnyConnect blocking LAN connections | 02 Jul 2019
ISAKMP hacking - How much should we trust our tools? | 17 Apr 2014

vulnerability

Drop-by-Drop: Bleeding through libvips | 18 Apr 2019
How to get root access on FireEye OS | 28 Jul 2014

waf

The curious case of encrypted URL parameters | 22 May 2018
WAF bypass made easy | 06 Jan 2014

wcf

Engineering WCF Hacks | 27 Oct 2024

web

Handling Arbitrarily Nested Structures with Burp Suite | 06 Dec 2024
Our new scanner for Text4Shell | 18 Oct 2022
Our new tool for enumerating hidden Log4Shell-affected hosts | 12 Dec 2021
Tips and scripts for reconnaissance and scanning | 20 May 2020
Uninitialized Memory Disclosures in Web Applications | 20 Apr 2020
Unix-style approach to web application testing | 27 Mar 2020
The curious case of encrypted URL parameters | 22 May 2018
Snow cannon vs. unique snowflakes — testing registration forms | 02 Feb 2018
Beyond detection: exploiting blind SQL injections with Burp Collaborator | 03 Jan 2017
Detecting ImageTragick with Burp Suite Pro | 13 May 2016
You’re not looking at the big picture | 10 Feb 2016
Finding the salt with SQL inception | 17 Sep 2015
Testing Oracle Forms | 27 May 2015
Sanitizing input with regex considered harmful | 07 Mar 2014
Testing websites using ASP.NET Forms Authentication with Burp Suite | 20 Feb 2014
Compressed file upload and command execution | 31 Jan 2014
WAF bypass made easy | 06 Jan 2014
Plesk panel decryption | 17 Dec 2013

weblogic

WebLogic undocumented hacking | 03 Oct 2014

websphere

Unexpected Deserialization pt.1 - JMS | 17 Aug 2020

whitelisting

An update on MD5 poisoning | 28 Nov 2016

ws-security

Wide open banking: PSD2 and us | 27 Jan 2020

xcoff

Adding XCOFF Support to Ghidra with Kaitai Struct | 06 Apr 2021

xml

Decrypting and analyzing HTTPS traffic without MITM | 04 May 2020
Wide open banking: PSD2 and us | 27 Jan 2020
Patching Android apps: what could possibly go wrong | 21 Oct 2019
Quick and dirty Android binary XML edits | 04 Apr 2014

yahoobleed

Drop-by-Drop: Bleeding through libvips | 18 Apr 2019

zero day

How did I find the Apple Remote Desktop bug? - CVE-2013-5135 | 13 Jan 2014

zipslip

Compressed file upload and command execution | 31 Jan 2014

zte

Banging 3G rocks | 23 Jan 2014