Our Blog

Dress Code – The Talk

Reading time: ~33 min
TL;DR This post is a summary of the contents of my talk in Defcon 31 AppSec Village last August 2023,...

Decoding BlazorPack

Reading time: ~14 min
TL;DR: I couldn’t make a custom BlazorPack editor work in Burp, so I used Mallet instead. From an indecipherable binary...

Adventures into HTTP2 and HTTP3

Reading time: ~21 min
A few months ago I was exploring the write-ups and video solutions for the retired HackTheBox machine – Quick. It’s...

Being Stubborn Pays Off pt. 2 – Tale of two 0days on PRTG Network Monitor

Reading time: ~12 min
Intro Last year I wrote how to weaponize CVE-2018-19204. This blog post will continue and elaborate on the finding and...

Bypassing access control in BMC Control-D Report Viewer

Reading time: ~5 min
BMC makes a number of mainframe-focused applications, one of which is Control-D. Control-D is a “Report Distribution system for distributed...

Being Stubborn Pays Off pt. 1 – CVE-2018-19204

Reading time: ~13 min
Intro During an internal assessment, I came across monitoring software that had default credentials configured. This monitoring software allowed for...

Abusing File Converters

Reading time: ~3 min
Every now and then you run into a new file format and you find that you may not have a...

[Another] Intercepting Proxy

Reading time: ~6 min
But, Websockets! The last week I was stuck on a web-app assessment where everything was new-age HTML5, with AngularJS and...

Break the Web at BlackHat Singapore

Reading time: ~2 min
Web application security training in 2015? It’s a valid question we get asked sometimes. With the amount of books available...

SensePost Challenge – Winners and Walkthrough

Reading time: ~10 min
We recently ran our Black Hat challenge where the ultimate prize was a seat on one of our training courses...

Associating an identity with HTTP requests – a Burp extension

Reading time: ~8 min
This is a tool that I have wanted to build for at least 5 years. Checking my archives, the earliest...

Revisiting XXE and abusing protocols

Reading time: ~9 min
Recently a security researcher reported a bug in Facebook that could potentially allow Remote Code Execution (RCE). His writeup of...

Vanilla SQL Injection is oh-so-90’s…wait…is it? (Jackin the K)

Reading time: ~1 min
aka.. Someone put the hurtski on Kaspersky.. The Twitters (via XSSniper and others) and the Interwebs were ablaze with news on...

Applescript for HTTP BruteForcing..

Reading time: ~2 min
A long time ago I blogged on the joys of using VBS to automate bruteforcing [1|2] when one didn't want to...

Rob Auger from OWASP/WASC/CGiSecurity on Timing..

Reading time: ~1 min
Rob had a rant on his site on the timing attack, with a CSRF twist.. We met him after our...

BotNets not just for SPAM any more

Reading time: Less than a minute
The Symantec Security blog has an article titled “Botnets: not just for spamming anymore”. Interestingly we are now starting to...

Re: Jeremiah Grossman's "How to find your websites"

Reading time: ~3 min
Jeremiah from WhiteHatSec has just written a quick piece on how to find your websites. Now Footprinting is obviously dear...