Showing Posts From
Other
Other
A summer intern at MWR conducted security research on the Android game "Legion Hunters", uncovering multiple vulnerabilities in the game's login system. The research revealed unencrypted API calls, weak authentication mechanisms, and insecure account management that could allow unauthorized access to user accounts. The intern demonstrated how an attacker could potentially log in as any user by exploiting these security flaws.
A novel virtual machine (VM) based on Return-Oriented Programming (ROP) was developed for an AVR microcontroller. The VM adapts the Movfuscator concept to a Harvard architecture device, implementing a single ROP chain that can execute different payloads through memory-mapped instruction interpretation. The approach allows for executing varied functionality using the same ROP chain on an embedded device with limited resources.
DerbyCon 6 was a cybersecurity conference featuring notable offensive security talks and tool releases. Key presentations covered topics like privilege escalation, threat emulation, and Exchange/Outlook security. Several new offensive security tools were introduced, including Rotten Potato, Lucky Strike, MailSniper, and OWA-Toolkit.
The 2016 DAO hack on Ethereum exposed a critical recursive call vulnerability in a smart contract. An attacker exploited this flaw to drain 3.6 million ETH, triggering a controversial hard fork that challenged fundamental principles of decentralized blockchain technology. The incident highlighted significant security risks in early blockchain smart contract implementations.
Quantum key distribution (QKD) offers a provably secure communication method that protects against potential quantum computer attacks on classical encryption. The technique uses quantum mechanics principles, specifically the Heisenberg uncertainty principle, to ensure uninterceptable communication between parties. QKD provides a robust alternative to traditional encryption methods that could be compromised by quantum computing technologies.
Quantum key distribution (QKD) offers a provably secure communication method based on quantum physics principles. The technology leverages the Heisenberg uncertainty principle to create encryption keys that cannot be intercepted without detection. Commercial QKD systems are being developed to extend communication ranges and integrate with existing security infrastructure.
D-Wave's quantum computer uses quantum annealing architecture, specialized for solving optimization problems. Unlike universal quantum computers, it offers significant speed advantages for certain computational tasks but has limitations in quantum scaling and programmability. The computer can solve some optimization problems much faster than classical computers, though its applicability remains restricted to specific problem types.
Quantum computers pose a significant threat to current cryptographic systems through Shor's algorithm, which can efficiently factor large prime numbers used in encryption. The algorithm leverages quantum mechanical principles and Fourier transforms to break RSA encryption by finding prime factors much faster than classical computers. Increasing investments in quantum technologies suggest that cryptographic systems may become vulnerable in the future as quantum computing capabilities advance.
A cryptic cybersecurity challenge from 44Con 2015 presents a mysterious scenario involving a ransacked room and a complex puzzle. The challenge includes a circuit diagram and a long binary string, suggesting a decoding challenge that requires careful investigation to uncover hidden information.
A blog post describes an unconventional method for performing GeoIP lookups in Excel using native formulas and Maxmind's GeoIP database. The technique involves complex nested Excel formulas to convert IP addresses to decimal and perform lookups without external dependencies or macros. The approach is designed for use on locked-down corporate machines with limited computational resources.
MWR's HackFu Challenge 2015 is an invitation-only hacking event offering 10 free tickets to cybersecurity professionals. The challenge involves a sci-fi themed mission to save the planet from an intergalactic threat by solving complex cybersecurity puzzles. Participants must complete challenges by April 30th, 2015, with the opportunity to attend the event in the UK in June.
The blog post presents the third puzzle clue for HackFu 2014, featuring two cryptic images. The images appear to be part of a challenge or puzzle for participants to solve. Minimal context is provided, leaving the puzzle's details intentionally mysterious.
HackFu 2014's second clue reveals a Western-themed hacking event set in the fictional town of Hacksville. A cryptic image is provided as part of the location discovery challenge. Participants are invited to solve puzzles in a cowboy-inspired adventure.
HackFu 2014 launched an interactive puzzle challenge to reveal its secret event venue location. Participants must solve weekly Only Connect-style puzzles that progressively disclose clues about the event's location. The first person to correctly identify the venue will win a prize.
An experimental project called the JagerBomber attempted to create a quadcopter controlled by an Android phone using OTG functionality and an Arduino. The team aimed to develop a drone capable of navigating and potentially delivering alcohol, but technical challenges prevented a successful launch. The project explored Android's capabilities for serial communication and drone control, demonstrating complex technical integration challenges.
HackFu 2014 is a prestigious hacking event offering 10 invitations to cybersecurity professionals. The challenge involves solving puzzles and tracking down an enemy agent named Ilichy. Participants can win entry to a multi-day hacking competition in the UK, with potential prizes including event admission, accommodation, and travel support.
A presentation at Deepsec 2013 explored security vulnerabilities in supercomputer technologies. John Fitzpatrick and Luke Jennings from MWR discussed potential attacks against common supercomputer systems. The presentation slides are available for download, providing insights into supercomputer security challenges.
A teaser video for HackFu 2013 was released, presenting a puzzle for viewers to solve without hacking or brute force methods. The video hints at the upcoming HackFu 2014 event scheduled for June 26-28, 2014. Participants are challenged to solve the puzzle while allowing others the opportunity to do so independently.
A thought experiment explores cybersecurity challenges if attackers could manipulate time. The analysis examines potential vulnerabilities in physical access, document security, personnel management, and digital systems under a hypothetical temporal manipulation scenario. The exploration demonstrates how traditional security controls would break down if an attacker could jump to different points in time or pause time itself.
HackFu 2013 was an immersive cybersecurity event hosted by MWR at the RAF Air Defence Radar Museum. The event featured a Crystal Maze-themed competition with four themed zones: Aztec, Industrial, Medieval, and Futuristic. Teams competed across multiple technical challenges testing skills in networking, forensics, hacking, and problem-solving.
The Nordic Security Conference (NSC2013) was held in Reykjavik, Iceland, featuring notable cybersecurity talks on bug bounties, defensive strategies, and cyber conflicts. The conference included high-quality technical presentations, a competitive CTF event, and networking opportunities. Attendees enjoyed the conference's unique venue and the stunning Icelandic landscape.
The 7th clue in a puzzle references a person named Juliet working in Hartley during the 1980s. The clue appears to be part of a cryptic challenge or puzzle context. Specific details about the purpose or full meaning of the clue remain unclear.
The 6th clue for a HackFu event provides a betting-related instruction. The clue specifies betting on 6 doubles, 4 trebles, and a fourfold accumulator. The context appears to be part of a game or challenge involving betting strategies.
The fifth clue for the HackFu venue location is presented as a mathematical puzzle involving exponents and arithmetic operations. The puzzle requires solving an equation to determine the event's location. This clue is part of a series of puzzles leading to the final venue reveal.
MWR InfoSecurity launched its 2013 cybersecurity challenge called "The Hunt for Ilichy". The competition invited participants to solve counter-intelligence puzzles with the opportunity to win tickets to HackFu, their annual hacking event. Ten winners would receive event entry, accommodation, and potentially travel prizes for exceptional submissions.
A HackFu event puzzle presents a riddle about a ballet dancer's post-university experience. The clue challenges participants to fill in a two-word blank describing the dancer's situation after graduating. The puzzle is presented as a Blankety Blank-style challenge with an accompanying image.
The third clue for the HackFu venue location is revealed as a mathematical puzzle. The cryptic clue "I squared plus two" presents a mathematical challenge to participants seeking the event's location. The clue is accompanied by an image, adding to the mysterious nature of the venue reveal.
The blog post reveals the second cryptic clue for the HackFu event venue location. The clue is a poetic line: "Of thy tongue's uttering, yet I know the sound." The specific meaning of the clue remains enigmatic, suggesting a puzzle or riddle about the event's destination.
The first clue for HackFu's venue location references the famous "Remember, remember" line, specifically mentioning "the Vth". This cryptic hint is part of a series of clues designed to guide participants in discovering the event's location. The first clue was released as part of a multi-week puzzle to reveal the HackFu venue.
MWR is recruiting paid summer internship positions in Basingstoke for students and security enthusiasts. Interns will work on personal research projects and gain hands-on experience in information security consultancy. The internship offers opportunities to work with a research team and potentially secure a junior position after completion.
HackFu 2012, a cybersecurity event, is scheduled for June 28th. Multiple Twitter accounts will provide live updates during the event. Participants can follow the action on designated Twitter handles like @umd9, @_cyberdyne_, @r3dl4nd, and @neweurope_.
HackFu 2012 is a cybersecurity challenge event sponsored by MWR in the UK targeting recent graduates and students. The competition offers 10 participants a chance to solve technical challenges in a futuristic "EarthDate: 2139" themed event. Participants will compete in teams at a secret location in the UK, solving various security-related challenges.
HackFu 2012 is a cybersecurity event scheduled for June 28-30, set in a futuristic scenario of the year 2139. A select group of invited participants will compete in team challenges. The specific location and challenge details remain a closely guarded secret.
MWR InfoSecurity offers paid summer internships for computer science students interested in cybersecurity research. Internships are approximately 12 weeks long and based in the UK offices. Candidates from second or third year of university with a strong interest in applied computer security are encouraged to apply.
T2 2011 was an intimate Finnish cybersecurity conference featuring technical talks from industry experts. The event covered diverse topics including cyber terrorism, botnet disruption, and emerging security research. Speakers presented innovative technical insights across areas like mobile security, firmware extraction, and cyber threat analysis.
HackFu is a cybersecurity challenge involving two complex technical puzzles set on a fictional "Hacker Island". The challenges require solving network forensics and signal interception problems to uncover hidden information. Participants were tasked with investigating a virtual treasure chest theft and decoding enemy communications using provided network captures.
MWR's annual HackFu cybersecurity event is scheduled for early June with the theme "The Secret of Hacker Island". The event will feature a mysterious location and challenging competition, following the previous year's Cold War-themed event in a nuclear bunker. Special guest invitations have been sent out, with event details remaining confidential.
Forensic readiness is a critical component of cybersecurity incident management. The article outlines six key strategies for organizations to prepare for potential security incidents, including accepting that incidents will occur, educating staff, maintaining flexible response plans, enabling communication, implementing robust logging, and dedicating appropriate budget and resources.
The article recounts the T2'10 security conference held in Helsinki, featuring technical presentations by MWR InfoSecurity researchers. Talks focused on mobile platform and smart card vulnerabilities, including live demonstrations of attacks on Google Android and Palm WebOS devices. The conference emphasized knowledge sharing and technical research in cybersecurity.
The SEC-T security conference in Stockholm showcased high-quality cybersecurity talks by MWR InfoSecurity. Presentations covered deployment solution risks, physical security penetration testing, and social engineering methodologies. The conference offered innovative and engaging presentations that provided deep insights into security testing techniques.
MWR InfoSecurity is recruiting technical consultants for its Technical Consultancy Team. The company seeks professionals with strong information security skills to work on client projects and MWR Labs initiatives. Interested candidates are invited to submit their CV and covering letter to the recruitment email address.
MWR Labs published its annual research review focused on security technologies in the banking sector for 2010. The whitepaper provides insights into cybersecurity research conducted within financial services. The document aims to share findings and technological assessments from investigations during that year.
MWR Labs released Max Pwnage trading cards highlighting significant computer security vulnerabilities from the past 30 years. The cards are available to clients and conference attendees at multiple cybersecurity events in 2010. Max Pwnage is a fictional character representing the discovery and exploitation of computer system vulnerabilities.
This whitepaper explores computer forensics techniques for investigating a server security breach. It details a case study of an FTP server incident, demonstrating how digital forensic methods can be applied to log file analysis and malware reverse engineering. The document highlights the broader application of forensic investigation techniques beyond law enforcement.
CanSecWest 2010 was a cybersecurity conference featuring notable security research presentations and the Pwn2Own hacking contest. Presentations covered diverse topics including collaborative reverse engineering, fuzzing techniques, kernel vulnerabilities, and wireless device security. The Pwn2Own contest demonstrated successful exploits across multiple web browsers and mobile platforms.
DeepSec 2009 was a security conference in Vienna featuring diverse cybersecurity presentations. Talks covered topics including wireless keyboard sniffing, GSM encryption vulnerabilities, virtual machine rootkit detection, and browser attack surfaces. The conference provided insights into emerging security research and potential system vulnerabilities across various technological domains.
DefCon 17 featured technical talks covering diverse cybersecurity topics including wireless sensor exploitation, USB security vulnerabilities, and router hacking. Presentations explored critical security issues such as extracting encryption keys, inline hooking techniques, and vulnerability disclosure strategies. The conference highlighted emerging research on hardware and software vulnerabilities across technological domains.
EuSecWest 2009 featured technical presentations on cybersecurity vulnerabilities and attack techniques across multiple domains. Talks covered Microsoft exploit mitigations, PCI bus attacks, Trusted Computing vulnerabilities, iPhone security exploits, and Firefox extension risks. The conference provided insights into emerging cybersecurity research and potential system vulnerabilities.
The inaugural Sec-T conference in Stockholm featured diverse cybersecurity presentations covering virtualization security, cybercrime, and emerging technological threats. Speakers discussed organized criminal activities, vulnerabilities in operating systems, and enterprise software security challenges. The conference provided insights into cutting-edge security research across multiple domains of information technology.
Nick Harbour presented PE-Scrambler, an advanced Windows executable packer that manipulates binary code at the disassembly level to obstruct reverse engineering. The tool uses sophisticated techniques like destroying call trees, relocating code chunks, and creating ambiguous disassembly to make binary analysis challenging. Additionally, Harbour demonstrated FindEvil, a tool that detects packed binaries by comparing disassembly size to binary size.
The article reviews a Defcon 16 talk about the evolution of penetration testing from an underground practice to a professional service. It highlights the shift from ad-hoc, tool-driven approaches to a more strategic, methodology-focused discipline. Key recommendations include developing creative testing methods, producing context-rich reports, and maintaining ongoing client partnerships.
A summary of a DEF CON talk on advanced SQL injection attacks.