The Research Blog

  • 20 Jul 2012

Hacking Embedded Devices: UART Consoles

Hardware hacking techniques can provide root-level access to embedded devices through UART console interfaces. By physically inspecting circuit boards and identifying specific pins, access to hidden device consoles can be obtained. The methodology involves using tools like oscilloscopes and logic analyzers to locate and interact with serial interfaces on devices such as routers and modems.

Incognito v2.0 Released

Incognito v2.0 is a Windows security tool for token enumeration and manipulation. The new version introduces multi-host input, multi-threading, grepable output, quiet mode, and improved handling of administrative privileges. Key improvements include better API compatibility, enhanced token discovery across multiple systems, and more flexible output options for security professionals.

  • 11 Jun 2012

HackFu 2012

HackFu 2012, a cybersecurity event, is scheduled for June 28th. Multiple Twitter accounts will provide live updates during the event. Participants can follow the action on designated Twitter handles like @umd9, @_cyberdyne_, @r3dl4nd, and @neweurope_.

  • 6 Jun 2012

veripy is Released

MWR Labs released veripy, an open-source testing tool for IPv6 network transition. The tool aims to build confidence in hardware and software products supporting IPv6 networking. veripy is designed to help organizations navigate the complex shift from IPv4 to IPv6 infrastructure.

  • 30 Apr 2012

Building Android Java/JavaScript Bridges

This article explores security vulnerabilities in Android WebView implementations, focusing on Java/JavaScript bridges. It examines methods such as addJavascriptInterface and method overriding that expose native code to web content. The research highlights potential attack vectors in cross-platform mobile application development frameworks, particularly PhoneGap.

MWR SAP Metasploit Modules

Metasploit modules were developed to assess SAP systems through Remote Function Calls (RFC). The modules enable security professionals to enumerate SAP clients, brute force logins, extract user hashes, and execute arbitrary commands across different SAP system configurations.

SAP Slapping

Dave Hartley presented the "SAP Slapping" talk at CRESTCon and BSides London, exploring common vulnerabilities in SAP systems. The presentation provided an overview of SAP security misconfigurations. Metasploit modules were demonstrated to highlight potential security weaknesses in SAP infrastructure.

  • 23 Apr 2012

Adventures with Android WebViews

This article provides guidance on securing Android WebViews by implementing best practices for mobile application security. Key recommendations include disabling JavaScript and plugins, restricting file system access, and implementing resource inspection techniques to prevent potential vulnerabilities. The article details methods for intercepting and controlling resource loading within WebViews to enhance mobile application security.

  • 20 Apr 2012

HackFu Challenge 2012

HackFu 2012 is a cybersecurity challenge event, sponsored by MWR in the UK, aimed at recent graduates and students. The competition offers 10 participants a chance to solve technical challenges in a futuristic "EarthDate: 2139" themed event. Participants will compete in teams at a secret location in the UK, solving various security-related challenges.

  • 18 Apr 2012

HackFu 2012

HackFu 2012 is a cybersecurity event scheduled for June 28-30, set in a futuristic scenario of the year 2139. A select group of invited participants will compete in team challenges. The specific location and challenge details remain a closely guarded secret.

  • 16 Apr 2012

Adventures with iOS UIWebviews

This article explores security challenges with iOS UIWebviews, focusing on techniques to mitigate risks when loading remote content. It discusses methods for implementing secure WebView interactions, including using SSL/TLS, implementing URL request inspection, and carefully managing content loading to prevent unauthorized access to local resources.

  • 2 Mar 2012

Summer Internship Positions

MWR InfoSecurity offers paid summer internships for computer science students interested in cybersecurity research. Internships are approximately 12 weeks long and based in the UK offices. Candidates in their second or third year of university with a strong interest in applied computer security are encouraged to apply.