Subscribe to our blog to get our latest announcements, news, career opportunities, random blog posts on computer security, app development, web technologies and the odd bad tempered rant. BlueBlock Solutions is not reponsible for content.

Our Blogs

Blog banner

In March 2020, in the midst of lockdown in Bahrain, we decided to release one of the projects we had been sitting on for a while. Over the years we have developed a number of projects that for one reason or another didn’t see the light of day. Some are business orientated, some are tech without a business application but the most viable are, almost always, a combination of both.

Google helpdesk hacking - Nov 02, 2017

A few weeks ago we brought to your attention Ticket Trick Help Desk Hacking and explained the wide variety of systems which could be susceptable to this attack. Further information on the use of this attack vector to infiltrate Google’s help desk application, Buganizer, is available via the medium article.

The internet is a weird and wonderful place where two or more parties share a communication link to communicate with each other. For services that assume a human will interact them there is significant scope for abuse of that service by programs designed to take advantage of that service. Computationally it is very cheap to send data over the internet and any function which performs a function on the data received, unless returning a static zero length message, will incur more costs than the sender.

We discuss ways that bot writers can use tools to enable the defeat of reCaptcha to wreak havok

As developers of business applications it is very common to create services that produce CSV files. CSV files comprise of tabular data on each row that is delimited by commas. Services for this format are simple to write and blazingly fast. Unfortunatly, partly because how quickly they can be produced, a lot of garbage can make its way into csv files. The fast majority of users will open csv files in the behometh, and much loved, Microsoft Excel. Excel is complete beast and will happily do many things with our csv file.

A recent public announcement by Inti De Ceukelaire (@securinti) shed some light on an exploit that he has been able to use on multiple websites. He has named this exploit “Ticket trick helpdesk hacking”.

Recent anaylsis by the Chaos Computer Club have found German voting software PC-Wahl 10 to have fundamental security issues. Their report highlights a host of vulnerabilities which are trivial to exploit. Exploitation could tamper with voting results at municipal polling offices and transmitted to state election authorities.

Always on the lookout for new tools to add the security arsenal I came accross a python library for the Vulners Database, one of the largest vulnerability databases around.

Hello World! - Oct 01, 2013

Well hello and welcome the the first blog post to be published on BlueBlockSolutions.com. As you can see this is your typical “Hello World” type post.

Found a website and a forensics contest yesterday quite by accident. I was waiting for somebody before going out for the night and I thought this might be a little fun while I waited. Now the contest had closed and the results where available, which I ignored until the end and went straight to Puzzle #2: Ann skips bail.

I came across an old enough post on Didier’s blog about Group policies that have disabled cmd.exe from running. Didier mentions a few ways to get cmd.exe to run. The suggestion I like the most is to find the DisableCMD string in cmd.exe and change it to DisableAMD using a hex editor. Thankfully there is a tool which will allow us to patch cmd.exe in one tiny line.