In our first blog post of 2023, we continue our series about penetration testing #IBMi. This time we look into how the so-called Adopted Authority mechanism can be abused for privilege escalation! blog.silentsignal.eu/2023/01/20/abu…

We continue our #IBMi series by showing how an attacker can abuse normal user activity to escalate privileges. We also give tips to the #BlueTeam to build lures, so we can gain better understanding of how real attackers of midrange systems operate. blog.silentsignal.eu/2023/03/30/boo…

Technical Details of CVE-2023-30990 - Unauthenticated RCE in IBM i DDM Service #IBMi #AS400 blog.silentsignal.eu/2023/07/03/ibm…

IBM fixed multiple #IBMi LPE vulnerabilities reported by us: ibm.com/support/pages/… ibm.com/support/pages/… We'll publish technical details about these soon. Additionally, CVE-2023-30990 (DDM RCE) got its CVSS score raised: ibm.com/support/pages/…

2 new vulnerabilities in core components of the #IBMi operating system were disclosed last week. Silent Signal itjungle.com/2023/07/24/ser…

Technical Details of CVE-2023-30988 - IBM Facsimile Support Privilege Escalation #IBMi blog.silentsignal.eu/2023/08/22/202…

Another #IBMi privilege escalation reported by us was just fixed - this is CVE-2023-40375: "IBM i is vulnerable to a local privilege escalation due to a flaw in the base operating system code related to the Integrated application server for IBM i" ibm.com/support/pages/…

Join the live webinar to learn how the Silent Signal team discovers formerly unknown flaws in IBM i Systems, and how they can help organizations to secure existing IBM i infrastructures beyond compliance. When: 26 October 2023 at 5 PM CET Register: ibmi.silentsignal.eu/#demo

#IBMi is vulnerable to a local privilege escalation due to flaws in Management Central (CVE-2023-40685, CVE-2023-40686) Two more CVE's were assigned as the result of our reports. Management Central service doesn't need to run for exploitation. ibm.com/support/pages/…

It was an honor to present our #IBMi exploits at #TROOPERS24 today! You'll have to wait until TROOPERS Conference releases the recordings for the full show (incl. live demos), until then you can find our slides here: silentsignal.hu/docs/S2-TROOPE…

We're stoked we got to present about low-level #IBMi internals at REcon! Here you can find our ... ...slides: silentsignal.hu/docs/S2-REcon2… ...and detailed writeup: silentsignal.github.io/BelowMI/

IBM issued a fix to CVE-2024-27275 that mitigates an #IBMi privilege escalation technique we published last year: 🥷blog.silentsignal.eu/2023/03/30/boo… 🧑‍🏭ibm.com/support/pages/… The PTF restricts the use of the ADDPFTRG command - this is a breaking change documented in the Memo to Users.

The recording of our TROOPERS Conference presentation is now online, enjoy! #TROOPERS24 - IBM i for Wintel Hackers youtube.com/watch?v=t4fUvf… #IBMi

In our new blogpost we guide you through the process of improving the tools available for pentesting #WCF services over the net.tcp binding: blog.silentsignal.eu/2024/10/28/wcf… #BurpSuite #KaitaiStruct #pentest

Story of a Pentester Recruitment 2025 blog.silentsignal.eu/2025/01/14/pen…

In our new blog post, we describe how we found an authentication bypass in Git hosting software Gitblit, what the root cause was, and what both attackers and developers can learn about the security impact of state machines. blog.silentsignal.eu/2025/06/14/git…

Our newest blog post demonstrates once again that "attacks always get better, they never get worse" – and IBM i (AS/400) is no exception. Enjoy the next part of our journey along the trail of CVE-2023-30990: blog.silentsignal.eu/2025/09/04/Exp…