Crypt0jan · 5 days ago
Classification in Confluence… done right.
TL;DR We did a thing and built a classification app for Confluence that runs with minimal rights. This means the app cannot access the contents of the page itself, ever. We’ve made it available for free in the Atlassian Marketplace. The why We all feel the need to classify information at some point…
Atlassian · 4 min read

Tom Wolters · 5 days ago
The Year Of The White Rabbit
In January 2023 the Chinese New Year of the Rabbit started. A mere coincidence as we (Chapter8) were just busy with reporting a serious vulnerability concerning another rabbit, a White Rabbit to be exact. This blog post is not just a technical brief of the vulnerability, but also a write-up…
Hacking · 6 min read

Tom Wolters · 5 days ago
Using Your Tools Against You
In one of our missions we noticed a Sentry web application. Sentry is used to remotely obtain information about crashes and issues users might have. Sentry users can log in, join a team and read through crashes, their stack traces and meta-data about an issue. ChatGPT defines Sentry as: Sentry is…
Hacking · 5 min read

Tom Wolters · 5 days ago
Safer Internet Day: How To Coordinated Vulnerability Disclosure
Today (7 Feb ’23) is Safer Internet Day! The Chapter8 team tries to make the internet safer every day. Not just with ‘our day job’ but also in our spare time we try to research software for vulnerabilities or find and report vulnerabilities to organisations that run insecure software. In…
Hacking · 5 min read

Pepijn Vissers · Mar 12, 2022
Plant a tree. Now.
Geopolitics and the state of cyber.
“The best time to plant a tree was 20 years ago. The second best time is now.” — Chinese proverb. Hello dear readers, Although our next blog was supposed to be a short pun article on the importance of offensive forward security and training…
Cybersecurity · 7 min read

Pepijn Vissers · Feb 4, 2022
Advanced Purple Teaming
The what, why, when, where and how. Part one: the what.
Hi there, dear readers. You got the APT-joke in the title, right? Good! In this small blog post series, I’ll take you through a virtual Purple Team Mission from early start to aftercare. The way most people know about…
Cybersecurity · 6 min read

Pepijn Vissers · Jan 22, 2022
Adding our own Kill Chain to VECTR
…because the industry standards do not always suffice.
TL;DR: we added our own Time Phased Kill Chain to VECTR to be able to report attack paths and detection results in the order that they actually took place. …
Cybersecurity · 11 min read

Pepijn Vissers · Nov 30, 2021
Five Purple Christmas Gifts
…because we all love Christmas lists!
2021 was a great year for us. On the very first day, Crypt0jan and I welcomed Cyb3rt as the Hunter of our Purple Team and shortly after, we started a Mission in one of the most protected areas of the Netherlands. …
Cybersecurity · 5 min read

Chapter8 · Aug 26, 2021
Patching Intel’s SFP+ driver for …
…well, to make things work, honestly. Not for fun nor profit.
TL;DR: Intel’s ixgbe-driver sees our Finisar 10Gb SFP+ cards as 1Gb, and therefore loading these drivers will fail. But this patch by Crypt0jan will make them work and spare you his headaches, anger and frustration. You’re welcome. Tested with: …
Intel · 3 min read

Chapter8 · Aug 13, 2021
Purple Team War Stories — №3
Hacking and defending a hospital, part one
Wow, dear readers. It took us a while to come up with another war story, because we were so busy! Because this Assignment was quite intensive, we have split the tale into several parts. This Assignment was a Mission that took us to an industry that has been — and…
Cybersecurity · 13 min read