Security advisory: Telegram instant messenger IDN homograph attack

bug bw 1

Advisory information Title: Telegram instant messenger IDN homograph attacks Advisory reference: BLAZE-02-2019 (CVE-2019-10044) Product: Telegram Disclosure mode: Coordinated disclosure Product Description Telegram is a messaging app focused on speed and security; it’s super-fast, simple, and free. You can use Telegram on all your devices at the same time — your messages sync seamlessly across any […]

Homographs Attack: What you see is not what you get

homographs attack

Introduction Since the introduction of Unicode in domain names (known as Internationalized Domain Names, or simply IDN) by ICANN over two decades ago, a series of brand new security implications were also brought into the light together with the possibility of registering domain names using different alphabets and Unicode characters. When researching the feasibility of […]

Leveraging Telegram as a command & control platform

Leveraging Telegram As A Command

Introduction At Blaze, we are always looking for new ways to further improve our engagements. As every penetration tester knows, post-exploitation is a crucial step for successful compromise and further penetration deep inside the network. Maintaining a strong foothold within the target organization is key. Hence, we have created Blaze Telegram Backdoor Tool (bt2), a […]