Compromising healthcare – from SQL injection to domain admin
This post details how a SQL injection in a web app led to full Active Directory compromise during a red team exercise in a healthcare organization.
Blaze Labs is the R&D group of Blaze Information Security.
This post details how a SQL injection in a web app led to full Active Directory compromise during a red team exercise in a healthcare organization.
This post describes a case study of a recent LLM pentest engagement that allowed to exploit the LLM agent for remote code execution.
This post provides a walkthrough of an escalation to domain admin taking advantage of Veeam backups.
This post discusses security concerns and two vulnerabilities in Harmony and oByte, two browser extensions that serves as a cryptocurrency software wallet.
This post provides an overview of hacking play-to-earn blockchain games and common security pitfalls affecting P2E. It explains in detail how several vulnerabilities were discovered in a P2E game named Manarium.
This post provides an overview of Dependency Confusion attacks and explains how they can be exploited in the wild, with examples using NPM packages and tips to prevent these vulnerabilities from occurring.
This post aims to showcase one of the many possible techniques for bypassing antivirus solutions through in-memory patching of AMSI instructions.
Introduction This post is the second part of the story of a vulnerability that could be leveraged as a supply chain attack and used to
Introduction This post is a rather unusual story of a vulnerability that could be leveraged as a supply chain attack and used to attack millions