The Research Blog

• 28 Nov 2014

My NFC Remains Enabled - Reflections on Mobile Pwn2Own 2014

Mobile Pwn2Own 2014 highlighted zero-day vulnerabilities in mobile devices, particularly those involving NFC technologies. The competition demonstrated the ongoing challenges in mobile device security, emphasizing the importance of careful app store selection for users and proactive security design for developers. Despite potential NFC-related risks, most users are more likely to encounter threats through phishing and malware.

• Kostas Lintovois
• 31 Oct 2014

Windows Services - All roads lead to SYSTEM

This whitepaper examines security vulnerabilities in Windows services, focusing on configuration-related flaws that can lead to privilege escalation. It explores six key service areas where misconfigurations can provide attackers opportunities to execute arbitrary code with elevated system privileges. The document provides insights into assessing and remediating potential security risks in Windows service configurations.

• 15 Aug 2014

Windows 8 Kernel Memory Protections Bypass

A technique for bypassing Windows 8 kernel memory protections like SMEP and DEP is demonstrated by manipulating paging structures. The method allows modification of memory page flags to enable user-mode code execution in kernel-mode. By targeting isolated paging structures, an attacker can corrupt page table entries to circumvent kernel memory safeguards on 64-bit Windows systems.

• 20 Jun 2014

Isolated Heap & Friends - Object Allocation Hardening in Web Browsers

Web browsers have implemented object allocation hardening techniques to mitigate use-after-free vulnerabilities. These techniques include Internet Explorer's Isolated Heap, Firefox's Presentation Arena, and Chrome's PartitionAlloc. Each approach aims to constrain memory allocation strategies and make exploitation more difficult by separating object types and controlling memory reuse.

• 18 Jun 2014

BeagleBone Black, GNU Radio, and HackRF One

This guide details setting up a BeagleBone Black with Ångström Linux to compile GNU Radio and HackRF drivers. The tutorial provides step-by-step instructions for configuring an embedded Linux system to work with a HackRF One software-defined radio. Configuration involves installing dependencies, setting up system settings, and building software components for software-defined radio applications.

• Dave Hartley
• 12 Jun 2014

Fracking With Hybrid Mobile Applications

Dave Hartley's presentation explores the security implications of hybrid mobile applications across multiple platforms. The talk examines how hybrid apps combine web and native application features using frameworks like PhoneGap. It highlights security risks introduced by WebView and cross-platform development approaches that allow web code to access local device resources.

• Dave Hartley
• 12 Jun 2014

Native Bridge's Over Troubled Water

Mobile security research by Dave Hartley explored vulnerabilities in mobile advertising networks across multiple platforms. The study investigated cross-platform exploitation potential in Windows Phone, Android, Blackberry, and iOS operating systems. Findings focused on identifying security issues within popular mobile ad networks.

• Dave Hartley
• 12 Jun 2014

Putting JavaScript Bridges into (Android) Context

This article explores techniques for obtaining Android Context in WebView JavaScript-to-Java bridge vulnerabilities. Multiple methods for retrieving Context are investigated using reflection and Java Native Interface (JNI) techniques. The research demonstrates approaches to accessing system resources and package information during post-exploitation scenarios in Android applications.

• 5 Jun 2014

Continued Adventures with iOS UIWebViews

This article explores security vulnerabilities in iOS UIWebViews, specifically focusing on custom NSURLProtocol implementations. The research demonstrates how attackers can bypass naive security checks by manipulating HTTP headers and using techniques like XMLHttpRequest to access restricted resources. A proof-of-concept JavaScript payload is presented to illustrate potential exploitation methods for file access and data exfiltration.

• 2 Jun 2014

HackFu Venue 2014 - Clue Four

The fourth clue for HackFu 2014.

• 27 May 2014

HackFu Venue 2014 - Clue Three

The blog post presents the third puzzle clue for HackFu 2014, featuring two cryptic images. The images appear to be part of a challenge or puzzle for participants to solve. Minimal context is provided, leaving the puzzle's details intentionally mysterious.

• Jon Butler
• 21 May 2014

Poor Man's Static Analysis - BSides London 2014

A presentation at BSides London 2014 explored using Clang for developing static analysis tools to assist manual code review. The research demonstrated tracing control flow in Google Chrome's DOM event dispatch mechanisms. The approach focused on creating custom static analysis techniques for examining complex software codebases.