Silent Signal

@silentsignal@infosec.exchange
103 Followers
1 Following
29 Posts
Professional Ethical Hacking Services
Websitehttps://silentsignal.eu
Tech Bloghttps://blog.silentsignal.eu
GitHubhttps://github.com/silentsignal
Silent SignalJan 21

In our new blog post we take a little journey from an IBM advisory to confirming a new hardening in Windows 11 24H2:

Vulnerability Archeology: Stealing Passwords with IBM i Access Client Solutions

https://blog.silentsignal.eu/2025/01/21/ibm-acs-password-dump/

#redteam #windows #ibmi #ReverseEngineering

Vulnerability Archeology: Stealing Passwords with IBM i Access Client Solutions

Because we can!

Silent Signal Techblog
Silent SignalJan 14

We worked hard to collect our experiences in hiring pentesters for almost a decade! Here are our thoughts and the solutions for our (in)famous Mushroom🍄 challenge.

This is the Story of a Pentester Recruitment 2025:

https://blog.silentsignal.eu/2025/01/14/pentester-recruitment-2025-mushroom/

#pentest #hiring #hr

Story of a Pentester Recruitment 2025

Because we can!

Silent Signal Techblog
Silent SignalDec 6, 2024

Santa brought new a blog post!

Handling Arbitrarily Nested Structures with #BurpSuite

https://blog.silentsignal.eu/2024/12/06/custom-decoder-for-burp/

Handling Arbitrarily Nested Structures with Burp Suite

Because we can!

Silent Signal Techblog
Silent SignalOct 28, 2024

In our new blogpost we guide you through the process of improving the tools available for #pentesting WCF services over the net.tcp binding:

https://blog.silentsignal.eu/2024/10/28/wcf-net.tcp-pentest/

We created a brand new #Kaitai Struct based parser and implemented transformations so messages can be manipulated and replayed with #BurpSuite.

Engineering WCF Hacks

Because we can!

Silent Signal Techblog
Silent SignalSep 3, 2024

The recording of our @WEareTROOPERS presentation is now online, enjoy!

#TROOPERS24 - IBM i for Wintel Hackers

https://www.youtube.com/watch?v=t4fUvfzgUbY

#IBMi

TROOPERS24: IBM i for Wintel Hackers

YouTube
Silent SignalAug 27, 2024

IBM issued a fix to CVE-2024-27275 that mitigates an #IBMi privilege escalation technique we published last year:

🥷https://blog.silentsignal.eu/2023/03/30/booby-trapping-ibm-i/
🧑‍🏭https://ibm.com/support/pages/node/7157637

The PTF restricts the use of the ADDPFTRG command - this is a breaking change documented in the Memo to Users.

Booby Trapping IBM i

Because we can!

Silent Signal Techblog
Silent SignalJul 23, 2024
buheratorJul 22, 2024

I uploaded the sample files referenced in our IBM i for Hackers document, so anyone can verify and improve on our findings/tools:

https://github.com/silentsignal/SAVF

The repo contains C sources and serialized #IBMi Program Objects. You can use our Ghidra-based tools to dissect the binaries.

Feedback welcome!

Below MI - IBM i for Hackers

Silent SignalJul 4, 2024

Our @recon slides and demo videos are now online as well:

https://silentsignal.hu/docs/S2-REcon24-Control_Flow_Integrity_on_IBM_i.pdf

#IBMi #reconmtl #recon2024 #recon24

Silent SignalJun 29, 2024

We're stoked we got to present about low-level #IBMi internals today at @recon! Here you can find our detailed writeup:

https://silentsignal.github.io/BelowMI/

We also released our @kaitai definition for the *PGM serialization format:

https://github.com/silentsignal/PGM-Kaitai

...and our #Ghidra extensions:

https://github.com/silentsignal/PowerAS

Stay tuned for slides and demos!

#REcon24 #REconmtl #REcon2024

Below MI - IBM i for Hackers

Silent SignalJun 26, 2024

It was an honor to present our #IBMi exploits at #TROOPERS24 today! You'll have to wait until @WEareTROOPERS releases the recordings for the full show (incl. live demos), until then you can find our slides here:

https://silentsignal.hu/docs/S2-TROOPERS24-IBM_i_for_Wintel_Hackers.pdf