Categories

Blaze Information Security - Wildfire Labs

Categories

  • News (1)
  • survey (1)
  • security (7)
  • webappsec (2)
  • postexploitation (1)
  • tools (3)
  • telegram (3)
  • burp (1)
  • gsm (1)
  • bladerf (1)
  • yatebts (1)
  • fuzzing (1)
  • advisory (5)
  • security research (7)
  • ssrf (1)
  • xss (1)
  • ntlm (2)
  • responder (1)
  • smart contract (2)
  • blockchain (2)
  • audit (2)
  • solidity (2)
  • red team (1)
  • homographs (3)
  • signal (2)
  • linux (1)
  • aslr (1)
  • vulnerability (2)
  • bypass (1)
  • kernel (0)
  • userland (1)
  • i2p (1)
  • privilege escalation (2)
    • Menu

    Blaze Information Security

    17 posts
    security research, advisory, vulnerability, privilege escalation — 22 June 2020

    Security advisory: Mullvad VPN client for Windows 2020.3 local privilege escalation

    Advisory information Title: Mullvad VPN client for Windows 2020.3 local privilege escalation Advisory reference: BLAZE-03-2020 Product: Mullvad 2020.3 for Windows CVE reference: CVE-2020-14197 Disclosure mode: Coordinated Product description Mullvad is a Sweden-based VPN provider with a strong focus...

    security research, advisory, i2p, vulnerability, privilege escalation — 29 May 2020

    Security advisory: i2p for Windows local privilege escalation

    Advisory information Title: i2p for Windows local privilege escalation Advisory reference: BLAZE-02-2020 Product: i2p 0.7.5 to 0.9.45 for Windows CVE reference: CVE-2020-13431 Disclosure mode: Coordinated Product description i2p (The Invisible Internet Project) is an anonymous network,...

    linux, aslr, security research, bypass, userland — 10 February 2020

    The never ending problems of local ASLR holes in Linux

    Introduction Address Space Layout Randomization, or simply ASLR, is a probabilistic security defense that was released by the PaX Team in 2001 and introduced into upstream kernels in 2005 (2.6.12). As the name itself indicates, it randomly arranges...

    homographs, telegram, signal, security research — 01 April 2019

    What you see is not what you get: when homographs attack

    Introduction Since the introduction of Unicode in domain names (known as Internationalized Domain Names, or simply IDN) by ICANN over two decades ago, a series of brand new security implications were also brought into light together with the possibility of...

    advisory, telegram, security research, homographs — 25 March 2019

    Security advisory: Telegram instant messenger IDN homograph attack

    Advisory information Title: Telegram instant messenger IDN homograph attacks Advisory reference: BLAZE-02-2019 (CVE-2019-10044) Product: Telegram Disclosure mode: Coordinated disclosure Product description Telegram is a messaging app with a focus on speed and security, it’s super-fast, simple and free. You...

    homographs, security research, advisory, signal — 24 March 2019

    Security advisory: Signal IDN homograph attack

    Advisory information Title: Signal IDN homograph attacks Advisory reference: BLAZE-01-2019 (CVE-2019-9970) Product: Signal Disclosure mode: Coordinated disclosure Product description Signal is an encrypted communications app for Android and iOS. A desktop version is also available for Linux, Windows, and macOS....

    ntlm, security, red team — 03 July 2018

    Love letters from the red team: from e-mail to NTLM hashes with Microsoft Outlook

    Introduction A few months ago Will Dormann of CERT/CC published a blog post [1] describing a technique where an adversary could abuse Microsoft Outlook together with OLE objects, a feature of Microsoft Windows since its early days, to force...

    blockchain, solidity, smart contract, audit, security — 30 March 2018

    Jury.Online smart contract security audit

    Introduction This blog post presents the results of a security audit of a smart contract performed by Blaze Information Security, and made public on behalf of the client Jury.Online. This post contains the very same information and findings present...

    security, smart contract, blockchain, audit, solidity — 26 February 2018

    ANNI tokens smart contract security audit

    Introduction This blog post presents the results of a security audit of a smart contract performed by Blaze Information Security, and made public on behalf of the client Array.io (formerly known as Annihilat.io). This post contains the very...

    ssrf, webappsec, xss, ntlm, responder — 18 December 2017

    Leveraging web application vulnerabilities to steal NTLM hashes

    Introduction NTLM authentication is the de-facto standard in corporate networks running Windows. There are a plethora of well-understood local attacks that take advantage of the way Windows perform automatic NTLM authentication, and abusing this feature is undoubtedly on the playbook...

    security, tools, fuzzing — 10 June 2017

    Fuzzing proprietary protocols with Scapy, radamsa and a handful of PCAPs

    Introduction As security consultants, we act as hired guns by our clients to perform black-box security testing of applications. Oftentimes we have to assess the security of applications that use their own proprietary schemes for communication, instead of relying on...

    advisory, security research — 29 March 2017

    Security advisory: Porteus Kiosk security restrictions bypass

    Advisory information Title: Porteus Kiosk security restrictions bypass Advisory reference: BLAZE-01-2017 Product: Porteus Kiosk Disclosure mode: Coordinated disclosure Product description Porteus Kiosk is a popular lightweight Linux designed to be used as a kiosk solution. It implements several restrictions with...

    security, gsm, bladerf, yatebts — 12 September 2016

    Practical attacks against GSM networks (Part 1/3): Impersonation

    Introduction The Global System for Mobile Communications (GSM) is a mobile technology and the most popular standard for mobile phones worldwide. Originally known as Groupe Spécial Mobile, the GSM came through the CEPT (Conférence des Administrations Européenes des Postes et...

    tools, burp, security — 29 June 2016

    Turning Burp Scanner vulnerabilities into Splunk events

    Introduction Splunk is a fully featured, powerful platform for collecting, searching, monitoring and analyzing machine data. It is widely used by Security Operation Centre (SOC) teams to provide advanced security event monitoring, threat analytics, incident response and cyber threat management....

    survey, security, webappsec — 30 May 2016

    A survey on the usage of HTTP security headers in Brazil and Estonia

    Introduction In the recent years a number of security-oriented client-side controls for web browsers appeared in the scene in form of security headers. These headers can be used to improve the security of the user experience when interacting with a...

    postexploitation, tools, telegram — 18 May 2016

    bt2: leveraging Telegram as a command & control platform

    Introduction At Blaze Security we are always looking for new ways to further improve our engagements. As every penetration tester knows, post-exploitation is a crucial step for successful compromise and further penetration deep inside the network. Maintaining a strong foothold...

    News — 04 May 2016

    printf("hello, world!");

    We are strong believers in technical excellence and the entire team firmly holds as an opinion that research is the lifeblood of the information security industry. Especially in such a fast-paced industry like IT security, no innovation or no time...

    WILDFIRE LABS

    Wildfire Labs is the advanced research group of Blaze Information Security specializing in vulnerability discovery and development of security research.

    cd $HOME
    Contact
    • [email protected]
    • |
    • [email protected]
    Follow us
    • Facebook
    • Linkedin
    • Twitter
    • GitHub