Self-defenseless - Exploring Kaspersky’s local attack surface I had the pleasur... 2019-6-24 15:47:10 | 阅读: 1 | 收藏 | Silent Signal Techblog - blog.silentsignal.eu github curious pleasure euskalhack motivation

Decrypting Eazfuscator.NET encrypted symbol names There are many obfuscators for different languages, and some of those offer reversible... 2019-5-10 16:40:52 | 阅读: 4 | 收藏 | Silent Signal Techblog - blog.silentsignal.eu pbkdf2 decryptor obfuscator pkcs7 resulted

Drop-by-Drop: Bleeding through libvips During a recent engagement we encountered a quite common web application feature: prof... 2019-4-18 17:23:59 | 阅读: 0 | 收藏 | Silent Signal Techblog - blog.silentsignal.eu memory libvips cinfo fingerping sharp

Our take on social engineering Like many other offensive IT security companies, we also offer social engineerin... 2019-4-4 22:52:46 | 阅读: 0 | 收藏 | Silent Signal Techblog - blog.silentsignal.eu security attacker caught malicious chapter

The curious case of encrypted URL parameters As intra-app URLs used in web applications are generated and parsed by the same code b... 2018-5-22 13:43:24 | 阅读: 0 | 收藏 | Silent Signal Techblog - blog.silentsignal.eu ciphertext payload encryption developers flip

Snow cannon vs. unique snowflakes — testing registration forms Many of the web a... 2018-2-2 17:24:4 | 阅读: 0 | 收藏 | Silent Signal Techblog - blog.silentsignal.eu uniqueness burp extender identical username

Bare Knuckled Antivirus Breaking Endpoint security... 2018-1-8 16:55:34 | 阅读: 1 | 收藏 | Silent Signal Techblog - blog.silentsignal.eu security bitdefender symantec avgater bypass

Emulating custom crytography with ripr Custom cryptography and obfuscation are recurring patterns that we encounter during ou... 2017-12-21 17:22:25 | 阅读: 0 | 收藏 | Silent Signal Techblog - blog.silentsignal.eu prga memory ripr mu ksa

Conditional DDE Here’s a little t... 2017-12-5 19:31:4 | 阅读: 1 | 收藏 | Silent Signal Techblog - blog.silentsignal.eu dde payload powershell simulate stoppers

Notes on McAfee Security Scan Plus RCE (CVE-2017-3897) At the end of las... 2017-8-14 15:27:21 | 阅读: 10 | 收藏 | Silent Signal Techblog - blog.silentsignal.eu mcafee software security ssp remote

Fools of Golden Gate In this blog post, we once again demonstrate that excessive reliance on automated tool... 2017-5-8 16:7:39 | 阅读: 1 | 收藏 | Silent Signal Techblog - blog.silentsignal.eu sf gate zdi x20did obey

Not so unique snowflakes When faced with the problem of identifying entities, most people reach for incremental... 2017-2-17 23:59:20 | 阅读: 2 | 收藏 | Silent Signal Techblog - blog.silentsignal.eu uuids burp attacker identifiers pentesters

Beyond detection: exploiting blind SQL injections with Burp Collaborator It’s been a steady trend that most of our pentest projects revolve around web applicat... 2017-1-3 18:34:5 | 阅读: 0 | 收藏 | Silent Signal Techblog - blog.silentsignal.eu burp duncan payload python

An update on MD5 poisoning Last year we published a proof-of-concept tool to demonstrate bypasses against s... 2016-11-28 20:0:0 | 阅读: 0 | 收藏 | Silent Signal Techblog - blog.silentsignal.eu panda security pcopinfo requesting sheep

Bake your own EXTRABACON In the last couple of days we took a closer look at the supposed NSA exploit EXTRABACO... 2016-8-25 16:23:5 | 阅读: 1 | 收藏 | Silent Signal Techblog - blog.silentsignal.eu a5 firmware asa shellcode extrabacon

Accessing local variables in ProGuarded Android apps Debugging applications without access to the source code always has its problems, espe... 2016-6-16 18:43:40 | 阅读: 0 | 收藏 | Silent Signal Techblog - blog.silentsignal.eu smali pgdebug hu dosecret

Detecting ImageTragick with Burp Suite Pro After ImageTragic... 2016-5-13 22:53:27 | 阅读: 0 | 收藏 | Silent Signal Techblog - blog.silentsignal.eu rce1 burp payload reused

iOS HTTP cache analysis for abusing APIs and forensics We’ve tested a nu... 2016-5-6 19:29:3 | 阅读: 1 | 收藏 | Silent Signal Techblog - blog.silentsignal.eu cfurl database burp blobs analysis

You’re not looking at the big picture When serving imag... 2016-2-11 00:5:7 | 阅读: 1 | 收藏 | Silent Signal Techblog - blog.silentsignal.eu burp proxy payload security developers

Testing stateful web application workflows SANS Institute ac... 2016-1-15 20:34:28 | 阅读: 2 | 收藏 | Silent Signal Techblog - blog.silentsignal.eu workflows burp gold stateful facing