Channel: Uncategorized – Silent Signal Techblog
Browsing latest articles
Browse All 47 View Live

Decrypting and analyzing HTTPS traffic without MITM

Sniffing plaintext network traffic between apps and their backend APIs is an important step for pentesters to learn about how they interact. In this blog post, we’ll introduce a method to simplify...



Tips and scripts for reconnaissance and scanning

Renewal paper of my GIAC Web Application Penetration Tester certification: Tips and scripts for reconnaissance and scanning



Unexpected Deserialization pt.1 – JMS

On a recent engagement our task was to assess the security of a service built on IBM Integration Bus, an integration platform for Java Messaging Services. These scary looking enterprise buzzwords...


Abusing JWT public keys without the public key

This blog post is dedicated to those brave souls that dare to roll their own crypto. The RSA Textbook of Horrors: This story begins with an old project of ours, where we were tasked to verify (among...


Adding XCOFF Support to Ghidra with Kaitai Struct

It’s not a secret that we at Silent Signal are hopeless romantics, especially when it comes to classic Unix systems (1, 2, 3). Since some of these systems – that still run business critical...



Fuzzy Snapshots of Firefox IPC

In January Mozilla published a post on their Attack & Defense blog about Effectively Fuzzing the IPC Layer in Firefox. In this post the authors pointed out that testing individual components of...


Our new tool for enumerating hidden Log4Shell-affected hosts

Log4Shell, formally known as CVE-2021-44228, seems to be the next big vulnerability that affects a huge number of systems, and the affected component, Log4j, gets involved in logging untrusted data by...


Simple IBM i (AS/400) hacking

When you get the chance to take a look at the IT systems of financial institutions, telcos, and other big companies, where availability has been a key business concern for decades, you’ll find that...



Another Tale of IBM i (AS/400) Hacking

Our next journey takes us into the infrastructure of a bank. One element of the infrastructure was an IBM i (AS/400) server, and the only piece of information we got to conduct the penetration test was...



Our new scanner for Text4Shell

Some say CVE-2022-42889 is the new Log4Shell, for which we developed our own tool to enumerate affected hosts back in 2021. Others, like Rapid7, argue that it may not be as easy to exploit like...
