security, tools, fuzzing — 10 June 2017 Fuzzing proprietary protocols with Scapy, radamsa and a handful of PCAPs Introduction As security consultants, we act as hired guns by our clients to perform black-box security testing of applications. Oftentimes we have to assess the security of applications that use their own proprietary schemes for communication, instead of relying on...
tools, burp, security — 29 June 2016 Turning Burp Scanner vulnerabilities into Splunk events Introduction Splunk is a fully featured, powerful platform for collecting, searching, monitoring and analyzing machine data. It is widely used by Security Operation Centre (SOC) teams to provide advanced security event monitoring, threat analytics, incident response and cyber threat management....
postexploitation, tools, telegram — 18 May 2016 bt2: leveraging Telegram as a command & control platform Introduction At Blaze Security we are always looking for new ways to further improve our engagements. As every penetration tester knows, post-exploitation is a crucial step for successful compromise and further penetration deep inside the network. Maintaining a strong foothold...