The online marketplace in Bahrain - PlayBH - May 15, 2020
In March 2020, in the midst of lockdown in Bahrain, we decided to release one of the projects we had been sitting on for a while. Over the years we have developed a number of projects that for one reason or another didn’t see the light of day. Some are business orientated, some are tech without a business application but the most viable are, almost always, a combination of both.
Google helpdesk hacking - Nov 02, 2017
A few weeks ago we brought to your attention Ticket Trick Help Desk Hacking and explained the wide variety of systems which could be susceptible to this attack. Further information on the use of this attack vector to infiltrate Google’s help desk application, Buganizer, is available via the Medium article.
Defeating Google's audio reCaptcha with 85% accuracy - Nov 01, 2017
The internet is a weird and wonderful place where two or more parties share a communication link to communicate with each other. For services that assume a human will interact with them, there is significant scope for abuse by programs designed to take advantage of that service. Computationally it is very cheap to send data over the internet, and any service which performs work on the data received, unless returning a static zero-length message, will incur more costs than the sender.
We discuss ways that bot writers can use tools to enable the defeat of reCaptcha to wreak havoc.
How to perform CSV injection attacks - Oct 08, 2017
As developers of business applications it is very common to create services that produce CSV files. CSV files consist of tabular data, with the values on each row delimited by commas. Services for this format are simple to write and blazingly fast. Unfortunately, partly because of how quickly they can be produced, a lot of garbage can make its way into CSV files. The vast majority of users will open CSV files in the behemoth, and much loved, Microsoft Excel. Excel is a complete beast and will happily do many things with our CSV file.
Ticket trick helpdesk hacking - Sep 21, 2017
A recent public announcement by Inti De Ceukelaire (@securinti) shed some light on an exploit that he has been able to use on multiple websites. He has named this exploit “Ticket trick helpdesk hacking”.
German election voting software found to be insecure - Sep 08, 2017
Recent analysis by the Chaos Computer Club has found German voting software PC-Wahl 10 to have fundamental security issues. Their report highlights a host of vulnerabilities which are trivial to exploit. Exploitation could allow tampering with voting results at municipal polling offices and with results transmitted to state election authorities.
Python API library for Vulners Database - Sep 08, 2017
Hello World! - Oct 01, 2013
Well hello and welcome to the first blog post to be published on BlueBlockSolutions.com. As you can see this is your typical “Hello World” type post.
Ann skips bail. Cue forensics puzzle! - Nov 27, 2009
Found a website and a forensics contest yesterday quite by accident. I was waiting for somebody before going out for the night and I thought this might be a little fun while I waited. Now the contest had closed and the results were available, which I ignored until the end and went straight to Puzzle #2: Ann skips bail.
The command prompt has been disabled by your administrator? - Feb 05, 2009
I came across an old enough post on Didier’s blog about Group policies that have disabled cmd.exe from running. Didier mentions a few ways to get cmd.exe to run. The suggestion I like the most is to find the DisableCMD string in cmd.exe and change it to DisableAMD using a hex editor. Thankfully there is a tool which will allow us to patch cmd.exe in one tiny line.