Bypassing Watermarks and crafting Bambdas for quick wins

Our latest articles cover bypassing watermark implementations and using Burp Bambdas for quick hacks that can help spot vulnerabilities across multi-step flows. We're also sponsoring the Ekoparty Security Conference again this year.

Sebastián Savini has been a part of our team for over 8 years, and he recently published a detailed article on our blog sharing his experience bypassing different watermark implementations. It covers tricks related to Picture-In-Picture and erroneous assumptions made when enforcing client-side protections, then takes us through HLS (HTTP Live Streaming) and ways to reassemble videos offline by walking through m3u8 playlists and encrypted video segments. The tricks outlined by Sebastián may also apply to implementations of paywalls.

On another topic, a project our team worked on led to a blog post by Nahuel D. Sánchez showing how to leverage Burp Bambdas for “quick wins”, in this case helping identify obfuscated, or hashed, sensitive data across multi-step flows.

Finally, we wanted to share that we’re once again sponsoring Ekoparty, a security conference held in Buenos Aires, Argentina. Ekoparty has been around since 2001 and this is the third year in a row that we’re showing support as sponsors. Come join us!

That’s all for now, thank you for your time!

Thinking about hiring our team for an upcoming pentest project? Reach out via email or call and let’s have a chat to further explore what that testing surface looks like.