- 20 May 2014
HackFu Venue 2014 - Clue Two
HackFu 2014's second clue reveals a Western-themed hacking event set in the fictional town of Hacksville. A cryptic image is provided as part of the location discovery challenge. Participants are invited to solve puzzles in a cowboy-inspired adventure.
- 13 May 2014
HackFu Venue 2014 - Clue One
HackFu 2014 launched an interactive puzzle challenge to reveal its secret event venue location. Participants must solve weekly Only Connect-style puzzles that progressively disclose clues about the event's location. The first person to correctly identify the venue will win a prize.
- 12 May 2014
HackLab 2014 - Builders are better Breakers
A hardware design project at HackLab 2014 explored electronics and embedded programming to enhance security testing skills. Team members experimented with various electronic components, protocols, and design challenges through hands-on learning. The project aimed to provide practical experience in understanding system design from a builder's perspective.
-
Stuart Morgan - 12 May 2014
HackLab 2014 - Hard disk drives? Squishy disk drives!
A technical investigation examined the security of hardware-encrypted hard drives by exploring potential vulnerabilities in ATA disk protection passwords and microcontroller access. The study focused on self-encrypting drives from Samsung, Intel, and Seagate, analyzing firmware update utilities and potential attack vectors for accessing drive encryption keys. Multiple approaches were pursued to understand the practical security limitations of hardware-encrypted storage devices.
- 12 May 2014
HackLab 2014 - The JaegerBomber
An experimental project called the JagerBomber attempted to create a quadcopter controlled by an Android phone using OTG functionality and an Arduino. The team aimed to develop a drone capable of navigating and potentially delivering alcohol, but technical challenges prevented a successful launch. The project explored Android's capabilities for serial communication and drone control, demonstrating complex technical integration challenges.
- 12 May 2014
HackLab 2014
HackLab 2014 was an internal hacking event featuring three technical projects. Projects included building a quadcopter, developing a mysterious hardware project, and exploring hard drive firmware hacking. Participants collaborated in the Basingstoke offices, fueled by pizza and caffeine to tackle innovative technical challenges.
-
Alex Plaskett - 14 Apr 2014
Windows Phone 8 Application Security Slides Syscan 2014
MWR researchers Alex Plaskett and Nick Walker presented slides at Syscan 2014 analyzing Windows Phone 8 application security. The presentation covered novel vulnerabilities in mobile app development. Slides provide programmatic guidance for developers to improve Windows Phone 8 application security.
- Alex Plaskett
- 14 Apr 2014
Windows Phone 8 Application Security Whitepaper Syscan 2014
A whitepaper on Windows Phone 8 application security was presented at Syscan 2014. The research identified common developer mistakes that introduce security vulnerabilities in Windows Phone 8 applications. The whitepaper provides guidance on detecting and mitigating specific application security weaknesses in the platform.
- Jon Cave
- 11 Apr 2014
Laravel cookie forgery, decryption, and RCE
A critical vulnerability in Laravel's encryption API allowed attackers to forge session cookies and impersonate users. The flaw enabled potential remote code execution by exploiting weaknesses in MAC verification, IV handling, and PHP object deserialization. Attackers could manipulate cookies to authenticate as any user and potentially inject malicious code through serialized PHP objects.
- Jon Cave
- 11 Apr 2014
WordPress auth cookie forgery
A vulnerability in WordPress's authentication cookie validation allows potential cookie forgery through PHP type juggling. The flaw enables attackers to bypass authentication by exploiting non-strict comparison methods in the cookie verification code. Two attack vectors were identified: MAC verification bypass and potential timing attacks to determine expected MAC values.
- 8 Apr 2014
HackFu Challenge 2014
HackFu 2014 is a prestigious hacking event offering 10 invitations to cybersecurity professionals. The challenge involves solving puzzles and tracking down an enemy agent named Ilichy. Participants can win entry to a multi-day hacking competition in the UK, with potential prizes including event admission, accommodation, and travel support.
- 20 Dec 2013
Google AdMob Ad Library - Arbitrary Intent Activity Invocation
A vulnerability was discovered in the Google AdMob SDK for Android that allows attackers to manipulate Intent Activities by injecting JavaScript into a WebView. The vulnerability enables arbitrary activity invocation by controlling multiple parameters passed to the 'startActivity' method. Potential remote exploitation can occur by targeting exposed activities in other Android applications.