Silent Signal

@[email protected]
108 Followers
1 Following
30 Posts
Professional Ethical Hacking Services
Websitehttps://silentsignal.eu
Tech Bloghttps://blog.silentsignal.eu
GitHubhttps://github.com/silentsignal
Silent SignalSep 4, 2025
Our newest blog post demonstrates once again that "attacks always get better, they never get worse" – and IBM i (AS/400) is no exception. Enjoy the next part of our journey along the trail of CVE-2023-30990: https://blog.silentsignal.eu/2025/09/04/Exploit-development-for-IBM-i/
Exploit development for IBM i

Because we can!

Silent Signal Techblog
Silent SignalAug 29, 2025
buheratorAug 29, 2025
Rage Against the Authentication State Machine

https://blog.silentsignal.eu/2025/06/14/gitblit-cve-CVE-2024-28080/

Beautiful authentication bypass in Gitblit from my old friends at @silentsignal !

CVE-2024-28080
Rage Against the Authentication State Machine

Because we can!

Silent Signal Techblog
Silent SignalJan 21, 2025

In our new blog post we take a little journey from an IBM advisory to confirming a new hardening in Windows 11 24H2:

Vulnerability Archeology: Stealing Passwords with IBM i Access Client Solutions

https://blog.silentsignal.eu/2025/01/21/ibm-acs-password-dump/

#redteam #windows #ibmi #ReverseEngineering

Vulnerability Archeology: Stealing Passwords with IBM i Access Client Solutions

Because we can!

Silent Signal Techblog
Silent SignalJan 14, 2025

We worked hard to collect our experiences in hiring pentesters for almost a decade! Here are our thoughts and the solutions for our (in)famous Mushroom🍄 challenge.

This is the Story of a Pentester Recruitment 2025:

https://blog.silentsignal.eu/2025/01/14/pentester-recruitment-2025-mushroom/

#pentest #hiring #hr

Story of a Pentester Recruitment 2025

Because we can!

Silent Signal Techblog
Silent SignalDec 6, 2024

Santa brought new a blog post!

Handling Arbitrarily Nested Structures with #BurpSuite

https://blog.silentsignal.eu/2024/12/06/custom-decoder-for-burp/

Handling Arbitrarily Nested Structures with Burp Suite

Because we can!

Silent Signal Techblog
Silent SignalOct 28, 2024

In our new blogpost we guide you through the process of improving the tools available for #pentesting WCF services over the net.tcp binding:

https://blog.silentsignal.eu/2024/10/28/wcf-net.tcp-pentest/

We created a brand new #Kaitai Struct based parser and implemented transformations so messages can be manipulated and replayed with #BurpSuite.

Engineering WCF Hacks

Because we can!

Silent Signal Techblog
Silent SignalSep 3, 2024

The recording of our @WEareTROOPERS presentation is now online, enjoy!

#TROOPERS24 - IBM i for Wintel Hackers

https://www.youtube.com/watch?v=t4fUvfzgUbY

#IBMi

TROOPERS24: IBM i for Wintel Hackers

YouTube
Silent SignalAug 27, 2024

IBM issued a fix to CVE-2024-27275 that mitigates an #IBMi privilege escalation technique we published last year:

🥷https://blog.silentsignal.eu/2023/03/30/booby-trapping-ibm-i/
🧑‍🏭https://ibm.com/support/pages/node/7157637

The PTF restricts the use of the ADDPFTRG command - this is a breaking change documented in the Memo to Users.

Booby Trapping IBM i

Because we can!

Silent Signal Techblog
Silent SignalJul 4, 2024

Our @recon slides and demo videos are now online as well:

https://silentsignal.hu/docs/S2-REcon24-Control_Flow_Integrity_on_IBM_i.pdf

#IBMi #reconmtl #recon2024 #recon24

Silent SignalJun 29, 2024

We're stoked we got to present about low-level #IBMi internals today at @recon! Here you can find our detailed writeup:

https://silentsignal.github.io/BelowMI/

We also released our @kaitai definition for the *PGM serialization format:

https://github.com/silentsignal/PGM-Kaitai

...and our #Ghidra extensions:

https://github.com/silentsignal/PowerAS

Stay tuned for slides and demos!

#REcon24 #REconmtl #REcon2024

Below MI - IBM i for Hackers