- 25 Apr 2013
HackFu Venue - Clue 4
A HackFu event puzzle presents a riddle about a ballet dancer's post-university experience. The clue challenges participants to fill in a two-word blank describing the dancer's situation after graduating. The puzzle is presented as a Blankety Blank-style challenge with an accompanying image.
- 25 Apr 2013
MWR HackLab - Chubby Data
A team analyzed a massive 9TB internet scan dataset using cloud and NoSQL technologies. Multiple approaches were explored to make the data searchable, including Amazon CloudSearch for FTP banners, SQL databases for NBTStat scan results, and NoSQL databases like CouchDB and ElasticSearch for HTTP headers. The project focused on developing efficient parsing and search techniques for large-scale internet infrastructure data.
- 25 Apr 2013
MWR HackLab - Root/Beer Fridge
A cybersecurity team created an innovative beer fridge that unlocks through hacking challenges. The system uses a Raspberry Pi and Arduino with solenoid locks to create an interactive reward mechanism for solving technical puzzles. The project aimed to gamify hacking achievements by providing beer as a reward for completing security challenges.
- 22 Apr 2013
MWR HackLab
MWR Labs hosted an internal hackathon where team members collaborated on diverse technology projects. Participants worked on innovative ideas across areas like data analysis, hardware hacking, and electronic systems. The event fostered creativity and team engagement through hands-on exploration of technical challenges.
-
Nils Jon Butler - 19 Apr 2013
MWR Labs Pwn2Own 2013 Write-up - Webkit Exploit
A detailed technical write-up of a WebKit exploit demonstrated at Pwn2Own 2013 describes a type confusion vulnerability in SVG document handling. The exploit leveraged the ability to cast non-SVG elements to SVG elements, enabling precise memory manipulation and control. By chaining multiple exploit stages, the vulnerability allowed leaking pointers, calculating memory addresses, and ultimately achieving code execution in the browser.
- 18 Apr 2013
HackFu Venue - Clue 3
The third clue for the HackFu venue location is revealed as a mathematical puzzle. The cryptic clue "I squared plus two" presents a mathematical challenge to participants seeking the event's location. The clue is accompanied by an image, adding to the mysterious nature of the venue reveal.
- 12 Apr 2013
HackFu Venue - Clue 2
The blog post reveals the second cryptic clue for the HackFu event venue location. The clue is a poetic line: "Of thy tongue's uttering, yet I know the sound." The specific meaning of the clue remains enigmatic, suggesting a puzzle or riddle about the event's destination.
- 3 Apr 2013
HackFu Venue - Clue 1
The first clue for HackFu's venue location references the famous "Remember, remember" line, specifically mentioning "the Vth". This cryptic hint is part of a series of clues designed to guide participants in discovering the event's location. The first clue was released as part of a multi-week puzzle to reveal the HackFu venue.
- 28 Mar 2013
Announcing Mercury v2.2
Mercury v2.2, an Android Security Assessment Framework, introduces enhanced auto-completion features for command suggestions. The update maintains separate command histories for different contexts and improves ContentProvider interaction stability. A vulnerable Android app called Sieve is released to help security practitioners practice using the framework.
- 11 Mar 2013
BSides Challenge
MWR Labs hosted a cybersecurity challenge focused on analyzing the "Evil Planner" Android application. The challenge invited participants to find vulnerabilities that would allow BigCorp to extract encrypted data from a potentially malicious employee's device. Multiple prizes were offered for discovering and exploiting application security weaknesses.
- Nils Jon Butler
- 6 Mar 2013
Pwn2Own at CanSecWest 2013
MWR Labs demonstrated a full sandbox bypass exploit against Google Chrome at Pwn2Own 2013. The exploit leveraged vulnerabilities to gain code execution in the renderer process and bypass ASLR and DEP protection mechanisms. Memory address leakage techniques were used to execute arbitrary commands outside the browser sandbox.
- 14 Feb 2013
2013 Summer Internship Positions
MWR is recruiting paid summer internship positions in Basingstoke for students and security enthusiasts. Interns will work on personal research projects and gain hands-on experience in information security consultancy. The internship offers opportunities to work with a research team and potentially secure a junior position after completion.