
It seems that Scirge is advertising their solution to companies, promising to do away with password-related breaches. Unfortunately, the browser extension they use doesn’t appear to be public. Does anyone have access to it and could give it to me so that I can have a look?

@varx found a way to download the extensions. Now I can take a look. 😈

@WPalant A certificate transparency search for "scirge" on sslmate.com/ct_search_api/ turned up a bunch of hostnames like this: icy-venom.scirge.com, long-cosmic.scirge.com, silver-breeze.scirge.com, solid-creek.scirge.com, steep-autumn.scirge.com -- which I suspect are backing the "scirge-connect" domain for some customers. So I combined that with a URL from their user guide <docs.scirge.com/user-guide/3.2> and:

long-cosmic.scirge.com/extensi

@WPalant Here are all the files I could find: sandstorm.appux.com/shared/QZo

I think those are all version 3.3.0. Version 3.3.0 of the *user guide* stops mentioning those URLs, though. :-)

@WPalant Of those domains, steep-autumn and solid-creek also resolve. I downloaded the same files from solid-creek and the files are identical. Probably just a triplet of identical distribution servers.

@varx Nice! I actually tried the exact same thing but somehow didn’t find any domains that would resolve. Thanks a lot!

@WPalant Weird! And I tried crt.sh at first and didn't get any hits at all, which was sus, but I think that site is just having downtime. -.-

@varx I did use crt.sh, and I did get hits. Also checked out these names, but none of them resolved and I just assumed that they were used on some intranet. Should have been more thorough I guess.

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.