You’re not looking at the big picture
When serving image assets, many web developers find it useful to have a feature that scales the image to a size specified in a URL parameter. After all, bandwidth is expensive, latency is killing the...
Detecting ImageTragick with Burp Suite Pro
After ImageTragick (CVE-2016-3714) was published, we immediately started thinking about detecting it with Burp, which we usually use for web application testing. Although collaborator would be a...
Beyond detection: exploiting blind SQL injections with Burp Collaborator
It’s been a steady trend that most of our pentest projects revolve around web applications and/or involve database backends. The former part is usually made much easier by Burp Suite, which has a...
Snow cannon vs. unique snowflakes — testing registration forms
Many of the web application tests we conducted had a registration form in the scope. In such cases, there’s usually a field that needs to be unique for each invocation, sometimes called username, in...
The curious case of encrypted URL parameters
As intra-app URLs used in web applications are generated and parsed by the same code base, there’s no external force pushing developers towards using a human-readable form of serialization. Sure, it’s...
Unix-style approach to web application testing
SANS Institute accepted my GWAPT Gold Paper about the Unix-style approach to web application testing; the paper is now published in the Reading Room. The paper introduces several problems I’ve been facing...
Uninitialized Memory Disclosures in Web Applications
While we at Silent Signal are strong believers in human creativity when it comes to finding new, or unusual vulnerabilities, we’re also constantly looking for ways to transform our experience into...
Tips and scripts for reconnaissance and scanning
Renewal paper of my GIAC Web Application Penetration Tester certification: Tips and scripts for reconnaissance and scanning
Our new tool for enumerating hidden Log4Shell-affected hosts
Log4Shell, formally known as CVE-2021-44228, seems to be the next big vulnerability that affects a huge number of systems, and the affected component, Log4j, gets involved in logging untrusted data by...
Our new scanner for Text4Shell
Some say, CVE-2022-42889 is the new Log4Shell, for which we developed our own tool to enumerate affected hosts back in 2021. Others like Rapid7 argue that it may not be as easy to exploit like...