4 min read
Attack of the clones 2: Git CLI remote code execution strikes back
Introduction This post is the second part of the story of a vulnerability that could be leveraged as a supply chain attack and used to hack millions
Tag : Blaze Information Security - Wildfire Labs
4 min read
4 min read
Attack of the clones: Git clients remote code execution
Introduction This post is a rather unusual story of a vulnerability that could be leveraged as a supply chain attack and used to attack millions of
30 min read
Dissecting Ragnar Locker: The Case Of EDP
Introduction On April 13th 2020, news broke out on Portuguese media [1] that Energias de Portugal (EDP), the Portuguese multinational energy giant
4 min read
Security advisory: Mattermost Mobile for iOS v1.31.0 Authentication Token Leakage and Account Takeover
Advisory information Title: Mattermost Mobile for iOS Authentication Token Leakage and Account Takeover Advisory reference: BLAZE-05-2020 Product:
3 min read
Security advisory: Mullvad VPN client for Windows 2020.3 local privilege escalation
Advisory information Title: Mullvad VPN client for Windows 2020.3 local privilege escalation Advisory reference: BLAZE-03-2020 Product: Mullvad
3 min read
Security advisory: i2p for Windows local privilege escalation
Advisory information Title: i2p for Windows local privilege escalation Advisory reference: BLAZE-02-2020 Product: i2p 0.7.5 to 0.9.45 for Windows CVE
6 min read
The never ending problems of local ASLR holes in Linux
Introduction Address Space Layout Randomization, or simply ASLR, is a probabilistic security defense that was released by the PaX Team in 2001 and
8 min read
What you see is not what you get: when homographs attack
Introduction Since the introduction of Unicode in domain names (known as Internationalized Domain Names, or simply IDN) by ICANN over two decades
8 min read
What you see is not what you get: when homographs attack
Introduction Since the introduction of Unicode in domain names (known as Internationalized Domain Names, or simply IDN) by ICANN over two decades
3 min read
Security advisory: Telegram instant messenger IDN homograph attack
Advisory information Title: Telegram instant messenger IDN homograph attacks Advisory reference: BLAZE-02-2019 (CVE-2019-10044) Product:
3 min read
Security advisory: Telegram instant messenger IDN homograph attack
Advisory information Title: Telegram instant messenger IDN homograph attacks Advisory reference: BLAZE-02-2019 Product: Telegram Disclosure mode:
3 min read
Security advisory: Signal IDN homograph attack
Advisory information Title: Signal IDN homograph attacks Advisory reference: BLAZE-01-2019 (CVE-2019-9970) Product: Signal Disclosure mode:
3 min read
Security advisory: Signal IDN homograph attack
Advisory information Title: Signal IDN homograph attacks Advisory reference: BLAZE-01-2019 (CVE-2019-9970) Product: Signal Disclosure mode:
6 min read
Love letters from the red team: from e-mail to NTLM hashes with Microsoft Outlook
Introduction A few months ago Will Dormann of CERT/CC published a blog post [1] describing a technique where an adversary could abuse Microsoft
1 min read
Jury.Online smart contract security audit
Introduction This blog post presents the results of a security audit of a smart contract performed by Blaze Information Security, and made public on