-
Jon Butler Nils - 6 Sep 2013
Polishing Chrome for Fun and Profit (NSC)
A presentation at the Nordic Security Conference detailed a full sandbox escape vulnerability in Google Chrome. The vulnerability was successfully exploited at the Pwn2Own 2013 hacking competition. Technical details of compromising Chrome's security mechanisms were demonstrated by MWR's Nils and Jon.
- 5 Sep 2013
Conference Review: Nordic Sec Conf (NSC2013)
The Nordic Security Conference (NSC2013) was held in Reykjavik, Iceland, featuring notable cybersecurity talks on bug bounties, defensive strategies, and cyber conflicts. The conference included high-quality technical presentations, a competitive CTF event, and networking opportunities. Attendees enjoyed the conference's unique venue and the stunning Icelandic landscape.
- 1 Sep 2013
Introducing drozer
Drozer is an open-source mobile security tool for Android exploit development. It enables advanced payload deployment and post-exploitation through multiple "weasel" techniques for gaining device access. The tool allows security researchers to build exploits, create reverse TCP shells, and escalate privileges on target Android devices.
- 4 Jul 2013
BSides Challenge Walkthrough
The BSides London 2013 challenge involved analyzing the 'Evil Planner' Android application for security vulnerabilities. Multiple critical security flaws were discovered, including directory traversal in content providers, weak PIN encryption using device ID, and SQL injection in database content providers. These vulnerabilities could allow an attacker to access sensitive user data stored within the application.
- 5 Jun 2013
Mercury v2.2.1
Mercury, an Android security testing tool, released its final version 2.2.1 with significant updates. The release included a new BSD license, improved PATH functionality, and a new Windows installer. The project will transition to its successor drozer at BlackHat Arsenal.
- Alex Plaskett
- 3 Jun 2013
Is Blackberry Dead?
Alex Plaskett from MWR presented an overview of Blackberry 10's security features at the MWR Briefing in 2013. The presentation explored the mobile operating system's security capabilities and potential future. A PDF of the presentation is available for download.
- 16 May 2013
HackFu Venue - Clue 7
The 7th clue in a puzzle references a person named Juliet working in Hartley during the 1980s. The clue appears to be part of a cryptic challenge or puzzle context. Specific details about the purpose or full meaning of the clue remain unclear.
- 16 May 2013
MWR HackLab - Getting Frequency with SDR
A Software Defined Radio (SDR) workshop explored wireless signal interception and replay techniques using tools like USRP E100 and GNU/Radio. The project focused on analyzing low-cost wireless devices, such as 433MHz doorbells, demonstrating vulnerabilities in basic wireless technologies through signal capture and replay attacks.
- 16 May 2013
MWR HackLab - MWRcade
MWR HackLab developed a custom arcade machine capable of running multiple console emulators across different platforms. The project aimed to create a unified gaming interface using Linux, SDL, and Python for settling office disputes between employees. The machine supports multiple gaming consoles and was designed to enable remote multiplayer gaming between different office locations.
- 10 May 2013
HackFu Venue - Clue 6
The 6th clue for a HackFu event provides a betting-related instruction. The clue specifies betting on 6 doubles, 4 trebles, and a fourfold accumulator. The context appears to be part of a game or challenge involving betting strategies.
- 2 May 2013
HackFu Venue - Clue 5
The fifth clue for the HackFu venue location is presented as a mathematical puzzle involving exponents and arithmetic operations. The puzzle requires solving an equation to determine the event's location. This clue is part of a series of puzzles leading to the final venue reveal.
- 30 Apr 2013
MWR Challenge 2013
MWR InfoSecurity launched its 2013 cybersecurity challenge called "The Hunt for Ilichy". The competition invited participants to solve counter-intelligence puzzles with the opportunity to win tickets to HackFu, their annual hacking event. Ten winners would receive event entry, accommodation, and potentially travel prizes for exceptional submissions.