Fuzzing proprietary protocols with Scapy, radamsa and a handful of PCAPs

wizard logo B web 1

Introduction As security consultants, we act as hired guns by our clients to perform black-box security testing of applications. Oftentimes we have to assess the security of applications that use their own proprietary schemes for communication, instead of relying on conventional protocols such as HTTP. Recently we were faced with a short-term engagement that involved […]

Turning Burp Scanner vulnerabilities into Splunk events

blaze ilustra 4 wild

Introduction Splunk is a fully featured, powerful platform for collecting, searching, monitoring, and analyzing machine data. It is widely used by Security Operation Center (SOC) teams to provide advanced security event monitoring, threat analytics, incident response, and cyber threat management. Burp Suite is a must-have web application attack proxy tool used by security analysts around […]

leveraging Telegram as a command & control platform

Leveraging Telegram As A Command

Introduction At Blaze, we are always looking for new ways to further improve our engagements. As every penetration tester knows, post-exploitation is a crucial step for successful compromise and further penetration deep inside the network. Maintaining a strong foothold within the target organization is key. Hence, we have created Blaze Telegram Backdoor Tool (bt2), a […]