Leveraging web application vulnerabilities to steal NTLM hashes

Introduction NTLM authentication is the de-facto standard in corporate networks running Windows. There are a plethora of well-understood local attacks that take advantage of the way Windows performs automatic NTLM authentication, and abusing this feature is undoubtedly in the playbook of every penetration tester and red teamer. Here at Blaze Information Security, we recently spent […]

Fuzzing proprietary protocols with Scapy, radamsa and a handful of PCAPs

Introduction As security consultants, we are hired by our clients to perform black-box security testing of applications. Oftentimes we have to assess the security of applications that use their own proprietary schemes for communication, instead of relying on conventional protocols such as HTTP. Recently we were faced with a short-term engagement that involved […]

Security advisory: Porteus Kiosk security restrictions bypass

Advisory information Title: Porteus Kiosk security restrictions bypass Advisory reference: BLAZE-01-2017 Product: Porteus Kiosk Disclosure mode: Coordinated disclosure Product description Porteus Kiosk is a popular lightweight Linux designed to be used as a kiosk solution. It implements several restrictions with the intent to prevent malicious users from modifying the configuration of the Firefox browser and […]

Practical attacks against GSM networks (Part 1/3): Impersonation

Introduction The Global System for Mobile Communications (GSM) is a mobile technology and the most popular standard for mobile phones worldwide. Originally known as Groupe Spécial Mobile, GSM came about through the CEPT (Conférence des Administrations Européennes des Postes et Télécommunications), which in 1982 worked to develop a standard for European digital cellular telecommunications. In […]

Turning Burp Scanner vulnerabilities into Splunk events

Introduction Splunk is a fully featured, powerful platform for collecting, searching, monitoring, and analyzing machine data. It is widely used by Security Operation Center (SOC) teams to provide advanced security event monitoring, threat analytics, incident response, and cyber threat management. Burp Suite is a must-have web application attack proxy tool used by security analysts around […]

A survey on the usage of HTTP security headers in Brazil and Estonia

Introduction In recent years a number of security-oriented client-side controls for web browsers have appeared on the scene in the form of security headers. These headers can be used to improve the security of the user experience when interacting with a web application with little additional effort and negligible performance overhead — essentially, they can serve as […]

Leveraging Telegram as a command & control platform

Introduction At Blaze, we are always looking for new ways to further improve our engagements. As every penetration tester knows, post-exploitation is a crucial step for successful compromise and further penetration deep inside the network. Maintaining a strong foothold within the target organization is key. Hence, we have created the Blaze Telegram Backdoor Tool (bt2), a […]

printf(“hello, world!”);

We are strong believers in technical excellence, and the entire team firmly holds the opinion that research is the lifeblood of the information security industry. Especially in an industry as fast-paced as IT security, having no innovation or no time to experiment with new technologies does nothing but pave the way to irrelevance. Wildfire […]