silentsignal

@silentsignal@infosec.exchange

Professional Ethical Hacking Services


silentsignal, to random

Our Christmas gift is the publication of the 'Demystifying #IBMi System Security' webinar recording.

Key takeaways:

  • How to get a realistic view on IBM i System Security
  • How to build a bridge between IBM i System admins and security teams by feeding the prioritized list of actionable insights into an existing security dashboard
  • How to reduce the attack surface, break exploits
  • How to always have a Plan B for backup, and have your system up and running within 20 minutes

Speakers: Bálint Varga-Perke, co-founder and IT Security Expert at Silent Signal, Jack Wilkins, Technical consultant at Chilli IT

https://vimeo.com/878635579

silentsignal, to random

Another vulnerability reported by us got fixed, this time in BRMS:

"IBM i is vulnerable to a local privilege escalation due to a flaw in IBM Backup, Recovery & Media Services for i (CVE-2023-40377)"

https://www.ibm.com/support/pages/node/7048121

silentsignal, to random

Another #IBMi LPE reported by us got fixed:

IBM i is vulnerable to a local privilege escalation due to a flaw in IBM Directory Server for i (CVE-2023-40378)

https://www.ibm.com/support/pages/node/7047240

silentsignal, to random

Burp Git Version allows you to fingerprint the exact versions of open-source components of your target webapps by comparing the Git repository with some of the deployed static artifacts.

We now added a README to support wider adoption :)

https://github.com/silentsignal/burp-git-version

silentsignal, to random

Another #IBMi privilege escalation reported by us was just fixed - this is CVE-2023-40375:

"IBM i is vulnerable to a local privilege escalation due to a flaw in the base operating system code related to the Integrated application server for IBM i"

https://www.ibm.com/support/pages/node/7038748

silentsignal, to random

Apparently our Log4Shell scanner Burp Suite extension got removed from the BApp store because AVs tend to trigger on its embedded payload 🙄

Of course, you can always download the latest release and the source code from our GitHub:

https://github.com/silentsignal/burp-log4shell

silentsignal, to random

Technical Details of CVE-2023-30990 - Unauthenticated RCE in IBM i DDM Service

#IBMi #AS400

https://blog.silentsignal.eu/2023/07/03/ibm-i-dde-vulnerability-cve-2023-30990/
