The Research Blog

  • 24 Jun 2016

Don't Try This at Home: Decapping ICs With Boiling Acid

A technical blog post details the process of decapping integrated circuits using boiling nitric and sulphuric acids. The technique involves dissolving the epoxy packaging to expose the silicon chip inside. Decapping can be used for identifying counterfeit chips, resetting lock bits, and performing hardware reverse engineering.

  • 20 Jun 2016

The current state of quantum cryptography, QKD, and the future of information security

Quantum key distribution (QKD) offers a provably secure communication method based on quantum physics principles. The technology leverages the Heisenberg uncertainty principle to create encryption keys that cannot be intercepted without detection. Commercial QKD systems are being developed to extend communication ranges and integrate with existing security infrastructure.

  • 14 Jun 2016

D-Wave, why all the controversy?

D-Wave's quantum computer uses quantum annealing architecture, specialized for solving optimization problems. Unlike universal quantum computers, it offers significant speed advantages for certain computational tasks but has limitations in quantum scaling and programmability. The computer can solve some optimization problems much faster than classical computers, though its applicability remains restricted to specific problem types.

  • 7 Jun 2016

Quantum paradoxes: Popping the bubble with Shor's algorithm

Quantum computers pose a significant threat to current cryptographic systems through Shor's algorithm, which can efficiently factor large prime numbers used in encryption. The algorithm leverages quantum mechanical principles and Fourier transforms to break RSA encryption by finding prime factors much faster than classical computers. Increasing investments in quantum technologies suggest that cryptographic systems may become vulnerable in the future as quantum computing capabilities advance.

Visualising Organisational Charts from Active Directory

This article demonstrates techniques for extracting and visualizing organizational hierarchies from Active Directory using tools like Metasploit, SQLite, and Neo4j. The methods enable mapping of reporting structures and relationships within an organization by converting Active Directory data into a graph database. Complex queries about organizational relationships can be performed dynamically, revealing management chains and reporting structures.

Safer Shellcode Implants

This article discusses techniques for creating safer shellcode implants by implementing runtime security controls. The proposed methods include ensuring single execution through mutex checks, validating the target endpoint using host-specific identifiers, and adding an expiry time to control the implant's lifecycle. Implementation examples are provided in both assembly and C languages to demonstrate these security controls.

  • 19 Apr 2016

Heap tracing with WinDbg and Python

This article demonstrates how to use Python and PyKd to create WinDbg scripts for heap tracing in Windows. The script hooks memory allocation functions like RtlAllocateHeap and RtlFreeHeap to log heap operations. The technique allows visualization of memory allocation patterns and can support exploit development by providing insights into heap behavior.

Masquerading as a Windows System Binary Using Digital Signatures

This article demonstrates a technique for creating fake digital certificates that mimic Microsoft's code signing certificates. By generating certificates that look like they are from Microsoft and installing a custom root CA, malicious Windows binaries can be signed to appear legitimate. The method allows attackers to create executables that blend in with system processes and potentially evade initial detection.

Offline SQL Querying of Active Directory

ADOffline is a tool that converts Active Directory LDAP data into a SQLite database for offline analysis. It enables cybersecurity professionals to perform detailed reconnaissance by querying domain users, groups, and computers without maintaining a live connection to the domain controller. The tool supports complex SQL queries and provides intuitive views to explore Active Directory information.

  • 5 Apr 2016

Windows Kernel Exploitation 101: Exploiting CVE-2014-4113

This article provides a detailed walkthrough of exploiting CVE-2014-4113, a Windows kernel vulnerability. The guide demonstrates the process of creating an exploit for Windows 7 SP1 32-bit by analyzing an original Anti-Virus vendor report. The goal is to make kernel exploitation more accessible to cybersecurity researchers.

Egress Checking

The EgressCheck Framework is a tool designed to help penetration testers and system administrators identify network egress opportunities. It generates traffic across multiple ports and protocols, capturing connection attempts using tcpdump. The framework supports both TCP and UDP scanning, and can generate one-liner scripts for Python and PowerShell.

Persistence Architecture Matters

This article explores the Windows-on-Windows (WOW) redirection layer in 64-bit Windows systems. It explains how filesystem and registry paths are dynamically remapped depending on the process architecture. The technical explanation reveals how 32-bit and 64-bit processes interact with system directories and registry keys differently.