The Research Blog

• Piotr Osuch
• 16 Sep 2016

H-field electromagnetic sniffing

An electromagnetic side-channel attack technique using a custom H-field sensor is demonstrated to sniff secret information from electronic devices. The method involves capturing electromagnetic emissions during data transmission using off-the-shelf components like a shielded-loop antenna, low-noise amplifier, and software-defined radio. By processing the captured signals through cross-correlation and statistical analysis, hidden serial communication data can be successfully extracted.

• Dave Hartley Luke Roberts
• 2 Sep 2016

Malicious Outlook Rules

XRulez is a tool that enables programmatic creation of malicious Outlook rules by injecting rules directly into Exchange servers. The tool allows attackers to create persistent remote code execution mechanisms via email triggers without requiring direct credential access. By exploiting MAPI sessions, malicious rules can be set up to execute payloads when specific email conditions are met.

• Marco Lancini
• 17 Aug 2016

A quick intro to Needle

Needle is an open-source modular framework designed to streamline iOS application security assessments. The tool provides a comprehensive set of modules for binary analysis, storage examination, dynamic analysis, hooking, communications testing, and static code checks. Its modular design allows security professionals to easily conduct thorough iOS app security evaluations.

• James Loureiro Georgi Geshev
• 15 Aug 2016

Platform Agnostic Kernel Fuzzing

Platform agnostic kernel fuzzing research developed a method for systematically testing system and library calls across Windows and POSIX kernels. The approach focused on effectively logging crashes, reproducing vulnerabilities, and scaling fuzzing across multiple virtual machines. The research provided a framework for identifying kernel-level bugs through comprehensive and methodical testing.

• 11 Aug 2016

The hack that changed the blockchain perspective

The 2016 DAO hack on Ethereum exposed a critical recursive call vulnerability in a smart contract. An attacker exploited this flaw to drain 3.6 million ETH, triggering a controversial hard fork that challenged fundamental principles of decentralized blockchain technology. The incident highlighted significant security risks in early blockchain smart contract implementations.

• Nick Jones
• 8 Jul 2016

Bug hunting with static code analysis

Static code analysis techniques can improve application security by identifying vulnerabilities early in the software development lifecycle. The presentation explores automated methods for detecting security flaws, ranging from simple scripts to sophisticated analysis tools. These techniques can be integrated into continuous integration systems to proactively catch and resolve security issues before product release.

• 24 Jun 2016

Alice, Bob, and Eve: How quantum technology can secure against adversaries

Quantum key distribution (QKD) offers a provably secure communication method that protects against potential quantum computer attacks on classical encryption. The technique uses quantum mechanics principles, specifically the Heisenberg uncertainty principle, to ensure uninterceptable communication between parties. QKD provides a robust alternative to traditional encryption methods that could be compromised by quantum computing technologies.

• 24 Jun 2016

Don't Try This at Home: Decapping ICs With Boiling Acid

A technical blog post details the process of decapping integrated circuits using boiling nitric and sulphuric acids. The technique involves dissolving the epoxy packaging to expose the silicon chip inside. Decapping can be used for identifying counterfeit chips, resetting lock bits, and performing hardware reverse engineering.

• 20 Jun 2016

The current state of quantum cryptography, QKD, and the future of information security

Quantum key distribution (QKD) offers a provably secure communication method based on quantum physics principles. The technology leverages the Heisenberg uncertainty principle to create encryption keys that cannot be intercepted without detection. Commercial QKD systems are being developed to extend communication ranges and integrate with existing security infrastructure.

• 14 Jun 2016

D-Wave, why all the controversy?

D-Wave's quantum computer uses quantum annealing architecture, specialized for solving optimization problems. Unlike universal quantum computers, it offers significant speed advantages for certain computational tasks but has limitations in quantum scaling and programmability. The computer can solve some optimization problems much faster than classical computers, though its applicability remains restricted to specific problem types.

• 7 Jun 2016

Quantum paradoxes: Popping the bubble with Shor's algorithm

Quantum computers pose a significant threat to current cryptographic systems through Shor's algorithm, which can efficiently factor large prime numbers used in encryption. The algorithm leverages quantum mechanical principles and Fourier transforms to break RSA encryption by finding prime factors much faster than classical computers. Increasing investments in quantum technologies suggest that cryptographic systems may become vulnerable in the future as quantum computing capabilities advance.

• Stuart Morgan
• 6 May 2016

Visualising Organisational Charts from Active Directory

This article demonstrates techniques for extracting and visualizing organizational hierarchies from Active Directory using tools like Metasploit, SQLite, and Neo4j. The methods enable mapping of reporting structures and relationships within an organization by converting Active Directory data into a graph database. Complex queries about organizational relationships can be performed dynamically, revealing management chains and reporting structures.