The Research Blog

  • 18 Oct 2016

Securing the loading of dynamic code

This article explores the security risks associated with dynamic code loading through reflection in programming languages. It discusses methods to secure reflective code loading, including techniques like hashing, code signing, and file permissions to prevent unauthorized code execution and potential privilege escalation vulnerabilities.

Fuzzing the Windows kernel

A presentation by Yong Chuan Koh at HITB GSEC 2016 introduced a Python-based fuzzing framework for testing Windows kernel security. The framework is designed to be scalable and extensible for comprehensive kernel vulnerability detection. Presentation slides are available for download from the original source.

Windows Kernel Fuzzing

A distributed fuzzing technique was developed to target the Windows kernel and identify critical vulnerabilities. The approach focused on generating high-quality test cases to detect potential privilege escalation and sandbox breakout exploits. The fuzzing method scaled across hundreds of CPU cores to systematically assess the kernel's attack surface.

Accessing Internal Fileshares through Exchange ActiveSync

Exchange ActiveSync (EAS) can be exploited to access internal Windows file shares using only user mailbox credentials. The vulnerability was confirmed in Exchange 2013 and 2016 with near-default configurations. Attackers can list file share contents and download files by using specific EAS commands, potentially bypassing traditional access controls.

Popping my DoS Cherry at DerbyCon

DerbyCon 6 was a cybersecurity conference featuring notable offensive security talks and tool releases. Key presentations covered topics like privilege escalation, threat emulation, and Exchange/Outlook security. Several new offensive security tools were introduced, including Rotten Potato, Lucky Strike, MailSniper, and OWA-Toolkit.

H-field electromagnetic sniffing

An electromagnetic side-channel attack technique using a custom H-field sensor is demonstrated to sniff secret information from electronic devices. The method involves capturing electromagnetic emissions during data transmission using off-the-shelf components like a shielded-loop antenna, low-noise amplifier, and software-defined radio. By processing the captured signals through cross-correlation and statistical analysis, hidden serial communication data can be successfully extracted.

Malicious Outlook Rules

XRulez is a tool that enables programmatic creation of malicious Outlook rules by injecting rules directly into Exchange servers. The tool allows attackers to create persistent remote code execution mechanisms via email triggers without requiring direct credential access. By exploiting MAPI sessions, malicious rules can be set up to execute payloads when specific email conditions are met.

A quick intro to Needle

Needle is an open-source modular framework designed to streamline iOS application security assessments. The tool provides a comprehensive set of modules for binary analysis, storage examination, dynamic analysis, hooking, communications testing, and static code checks. Its modular design allows security professionals to easily conduct thorough iOS app security evaluations.

Platform Agnostic Kernel Fuzzing

Platform agnostic kernel fuzzing research developed a method for systematically testing system and library calls across Windows and POSIX kernels. The approach focused on effectively logging crashes, reproducing vulnerabilities, and scaling fuzzing across multiple virtual machines. The research provided a framework for identifying kernel-level bugs through comprehensive and methodical testing.

  • 11 Aug 2016

The hack that changed the blockchain perspective

The 2016 DAO hack on Ethereum exposed a critical recursive call vulnerability in a smart contract. An attacker exploited this flaw to drain 3.6 million ETH, triggering a controversial hard fork that challenged fundamental principles of decentralized blockchain technology. The incident highlighted significant security risks in early blockchain smart contract implementations.

Bug hunting with static code analysis

Static code analysis techniques can improve application security by identifying vulnerabilities early in the software development lifecycle. The presentation explores automated methods for detecting security flaws, ranging from simple scripts to sophisticated analysis tools. These techniques can be integrated into continuous integration systems to proactively catch and resolve security issues before product release.

  • 24 Jun 2016

Alice, Bob, and Eve: How quantum technology can secure against adversaries

Quantum key distribution (QKD) offers a provably secure communication method that protects against potential quantum computer attacks on classical encryption. The technique uses quantum mechanics principles, specifically the Heisenberg uncertainty principle, to ensure uninterceptable communication between parties. QKD provides a robust alternative to traditional encryption methods that could be compromised by quantum computing technologies.