- 27 Jan 2017
A Tale Of Bitmaps: Leaking GDI Objects Post Windows 10 Anniversary Edition
A novel technique for leaking kernel bitmap object addresses in Windows post-Anniversary Edition is detailed. The method exploits memory reuse in the kernel's paged pool by leveraging accelerator tables and bitmap object allocation. This approach provides a way to retrieve kernel object addresses after previous information leak protections were implemented.
- 10 Jan 2017
Digital Lockpicking: Why Your Front Door Shouldn't Be On The Internet
A critical vulnerability was discovered in FingerTec/ZKTeco biometric access control devices. The unencrypted UDP protocol allows attackers to create unauthorized admin accounts, extract user data, and potentially unlock doors without authorization. Over 4000 such devices are exposed on the internet, posing significant security risks.
- 4 Jan 2017
High Interaction Honeypots with Sysdig and Falco
A technical exploration of using sysdig and falco tools to rapidly deploy high-interaction honeypots on Linux systems. The project demonstrated techniques for monitoring and forensically analyzing attacker interactions through detailed system call and log capture. Two case studies revealed successful honeypot deployments that captured real-world attacker behaviors and malware interactions.
- Ben Campbell
- 3 Jan 2017
Trust? Years to earn, seconds to break
An Active Directory security vulnerability involves the TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION (T2A4D) User-Account-Control flag. The vulnerability can allow attackers to exploit Kerberos protocol extensions and potentially compromise domain controllers through dangerous authentication delegation attacks. Mitigation strategies include carefully managing account delegation settings and protecting sensitive user accounts.
- 29 Nov 2016
Hello MS08-067, My Old Friend
A proof-of-concept exploit was developed for the MS08-067 vulnerability targeting 64-bit Windows Server 2003 x64 SP0. The work addressed the lack of publicly available exploits for 64-bit systems vulnerable to this critical remote code execution flaw. The article provides insights into the challenges of 64-bit exploit development without introducing new exploit techniques.
- 17 Nov 2016
Working 9 till 5
A summer intern at MWR conducted security research on the Android game "Legion Hunters", uncovering multiple vulnerabilities in the game's login system. The research revealed unencrypted API calls, weak authentication mechanisms, and insecure account management that could allow unauthorized access to user accounts. The intern demonstrated how an attacker could potentially log in as any user by exploiting these security flaws.
- Kostas Lintovois
- 11 Nov 2016
One Template To Rule 'Em All
A presentation explored how Microsoft Office VBA and templates can be exploited as a persistent malware delivery mechanism. The talk demonstrated vulnerabilities in locked-down environments through a proof-of-concept tool called WePWNise. VBA-enabled files remain an attractive attack vector due to business requirements and human factors in targeted attacks.
- 3 Nov 2016
A Penetration Tester’s Guide to the Azure Cloud
This presentation provides a comprehensive guide to security assessment of Microsoft Azure Cloud services. It explores key security components, controls, and configurations across Azure deployments. The talk introduces Azurite, a tool for collecting and visualizing Azure infrastructure information.
- 3 Nov 2016
AVRop VM: A ROP based M/o/Vfuscator VM on a Harvard device
A novel virtual machine (VM) based on Return-Oriented Programming (ROP) was developed for an AVR microcontroller. The VM adapts the Movfuscator concept to a Harvard architecture device, implementing a single ROP chain that can execute different payloads through memory-mapped instruction interpretation. The approach allows for executing varied functionality using the same ROP chain on an embedded device with limited resources.
- Marco Lancini
- 3 Nov 2016
Needle: Finding Issues within iOS Applications
Needle is an iOS application security testing tool presented at OWASP AppSec USA 2016. The tool enables comprehensive vulnerability identification in iOS applications through both black-box and white-box testing methodologies. Marco Lancini's presentation detailed Needle's architecture and testing capabilities for finding security issues in mobile applications.
- Nick Jones
- 25 Oct 2016
Static Analysis for Code and Infrastructure
Static analysis techniques for software development are explored in this presentation by Nick Jones at DevSecCon 2016. The talk covers methods like taint checking and control flow graph analysis for identifying software bugs early in the development cycle. Guidance is provided on integrating static analysis tools effectively into development environments and infrastructure.
- 21 Oct 2016
A Hybrid Approach to ICS Intrusion Detection
SENAMI introduces a hybrid intrusion detection approach for Industrial Control Systems that combines passive network monitoring with selective active monitoring of critical Siemens S7 PLC variables. The method focuses on detecting value tampering attacks by monitoring three key memory locations with minimal performance impact. The approach achieves a 93% detection rate of active threats while avoiding overloading legacy PLC systems.