Showing Articles About
presentation
- 22 Feb 2019
3D Accelerated Exploitation
The presentation explores the 3D Acceleration feature in VirtualBox as a rich vulnerability research target. Open-source accessibility makes VirtualBox attractive for novice security researchers. The talk discusses exploitation primitives within 3D Acceleration that could potentially enable virtual machine escape without traditional shellcode execution.
- 8 Nov 2018
Intro to Binary Analysis with Z3 and angr
A workshop presentation introduces binary analysis techniques using Z3 and angr for security professionals. The presentation covers SMT solvers and their applications in reverse engineering and vulnerability research. Sample code and labs are provided to help participants understand and apply SMT solving techniques.
-
Fabian Beterke - 29 Oct 2018
Big Game Fuzzing Pwn2Own Safari T2
A presentation detailed vulnerability research targeting macOS Safari at Pwn2Own. The talk covered specialized fuzzing tools and exploit development techniques for browser security. Specific vulnerabilities were discussed, including a heap underflow in the browser and a sandbox breakout using uninitialized memory.
- James Loureiro Alex Plaskett
- 13 Oct 2018
The Mate Escape - Huawei Pwn2Owning
A presentation at Hacktivity 2018 explored vulnerability discovery techniques targeting the Huawei Mate 9 Pro by focusing on logic bugs in Android platforms. The talk highlighted the expanding attack surface of logic vulnerabilities as memory corruption exploitation becomes increasingly challenging. Techniques for rapidly identifying potential remote compromise vulnerabilities across mobile handsets were discussed.
- Georgi Geshev Robert Miller
- 13 Jun 2018
Chainspotting: Building Exploit Chains with Logic Bugs
A presentation explores the development of an exploit chain involving 11 logic bugs across 6 Android applications. The study demonstrates how logic vulnerabilities can be chained together to achieve malicious actions like silent APK installation. Techniques for discovering and exploiting logic bugs in Android systems are discussed, highlighting the challenges of complex vulnerability chaining.
- Katie Knowles
- 2 Feb 2018
Investigating RF Controls with RTL-SDR
A presentation at BSidesNYC 2018 explored Software Defined Radio (SDR) techniques using RTL-SDR to investigate insecure wireless signals. The talk demonstrated how affordable SDR tools can capture and decode simple RF controls like remote switches and car fobs. It highlighted the ongoing vulnerabilities in wireless communication protocols and encouraged exploration of RF security.
- Yong Chuan Koh
- 23 Nov 2017
Corrupting Memory In Microsoft Office Protected-View Sandbox
This presentation explores vulnerabilities in Microsoft Office's Protected-View sandbox through fuzzing its Inter-Process Communication (IPC) attack surface. Two critical CVEs were discovered targeting the reduced functionality sandbox environment. The talk details the methodology for generating test cases and analyzing potential security weaknesses in Protected-View.
- James Loureiro
- 25 Sep 2017
Biting the Apple that feeds you - macOS Kernel Fuzzing
An automated kernel fuzzing framework was developed for the macOS XNU kernel using an in-memory fuzzer with static and dynamic analysis techniques. The framework targeted core subsystems to identify critical vulnerabilities in macOS. The approach aimed to address the limited existing automated kernel fuzzing solutions for the Apple platform.
- William Knowles
- 18 Sep 2017
Land, Configure Microsoft Office, Persist
This presentation explores native Microsoft Office add-in mechanisms that can be exploited for persistence on compromised workstations. Various techniques for abusing Office add-ins are analyzed from a red teaming perspective. The talk examines deployment complexity, privilege requirements, and effectiveness in different computing environments.
- Georgi Geshev
- 21 Apr 2017
Logic Bug Hunting in Chrome on Android
A methodology for identifying logic flaws in mobile applications is demonstrated through an analysis of Chrome for Android. The approach focuses on finding logic bugs that enable access to user files and emails without memory corruption exploits. A specific logic bug in Chrome for Android is highlighted as allowing attackers to bypass Android Nougat security mechanisms.
- 10 Mar 2017
A Window into Ring0
Sam Brown's presentation explores Windows kernel mode attack surfaces and vulnerabilities in modern systems. The talk covers techniques for finding bugs in kernel mode code and common exploitation methods for gaining system-level access. Brown discusses the increasing trend of attackers targeting kernel mode to bypass user account restrictions and sandboxing.
-
Kostas Lintovois - 11 Nov 2016
One Template To Rule 'Em All
A presentation explored how Microsoft Office VBA and templates can be exploited as a persistent malware delivery mechanism. The talk demonstrated vulnerabilities in locked-down environments through a proof-of-concept tool called WePWNise. VBA-enabled files remain an attractive attack vector due to business requirements and human factors in targeted attacks.
- Marco Lancini
- 3 Nov 2016
Needle: Finding Issues within iOS Applications
Needle is an iOS application security testing tool presented at OWASP AppSec USA 2016. The tool enables comprehensive vulnerability identification in iOS applications through both black-box and white-box testing methodologies. Marco Lancini's presentation detailed Needle's architecture and testing capabilities for finding security issues in mobile applications.
-
Nick Jones - 25 Oct 2016
Static Analysis for Code and Infrastructure
Static analysis techniques for software development are explored in this presentation by Nick Jones at DevSecCon 2016. The talk covers methods like taint checking and control flow graph analysis for identifying software bugs early in the development cycle. Guidance is provided on integrating static analysis tools effectively into development environments and infrastructure.
- Yong Chuan Koh
- 12 Oct 2016
Fuzzing the Windows kernel
A presentation by Yong Chuan Koh at HITB GSEC 2016 introduced a Python-based fuzzing framework for testing Windows kernel security. The framework is designed to be scalable and extensible for comprehensive kernel vulnerability detection. Presentation slides are available for download from the original source.
- Nils
- 12 Oct 2016
Windows Kernel Fuzzing
A distributed fuzzing technique was developed to target the Windows kernel and identify critical vulnerabilities. The approach focused on generating high-quality test cases to detect potential privilege escalation and sandbox breakout exploits. The fuzzing method scaled across hundreds of CPU cores to systematically assess the kernel's attack surface.
- James Loureiro Georgi Geshev
- 15 Aug 2016
Platform Agnostic Kernel Fuzzing
Platform agnostic kernel fuzzing research developed a method for systematically testing system and library calls across Windows and POSIX kernels. The approach focused on effectively logging crashes, reproducing vulnerabilities, and scaling fuzzing across multiple virtual machines. The research provided a framework for identifying kernel-level bugs through comprehensive and methodical testing.
- Nick Jones
- 8 Jul 2016
Bug hunting with static code analysis
Static code analysis techniques can improve application security by identifying vulnerabilities early in the software development lifecycle. The presentation explores automated methods for detecting security flaws, ranging from simple scripts to sophisticated analysis tools. These techniques can be integrated into continuous integration systems to proactively catch and resolve security issues before product release.
- Stuart Morgan
- 16 Mar 2016
Abusing PuTTY & Pageant through native functionality
A technique for remotely interacting with SSH keys stored in PuTTY's Pageant SSH agent on Windows is explored. The method leverages native functionality to proxy SSH authentication requests through a compromised workstation without traditional exploitation. An attack tool called PageantJacker enables forwarding authentication requests to a remote Pageant instance, allowing an attacker to use a target's SSH keys from their own machine.
- Alex Plaskett Georgi Geshev
- 16 Mar 2016
QNX: 99 Problems but a Microkernel ain't one!
This presentation explores security research on the QNX microkernel operating system used in critical systems like automotive and consumer devices. The talk examined QNX's security architecture through reverse engineering and fuzzing techniques. The goal was to provide insights into QNX subsystems and potential attack surfaces for privilege escalation.
- Stuart Morgan
- 1 Feb 2016
The Pageantry of Lateral Movement
A presentation on lateral movement techniques in network penetration testing explores abusing Pageant (PuTTY's SSH agent) on Windows hosts. The talk demonstrates a nearly undetectable method of tunneling SSH agent traffic using a meterpreter extension. Improvements were made to an existing reconnaissance tool to enhance its utility during simulated attacks.
- Georgi Geshev
- 10 Dec 2015
Warranty Void If Label Removed: Attacking MPLS Networks
A presentation on MPLS network vulnerabilities revealed critical security weaknesses in service provider network infrastructures. Network reconnaissance techniques were demonstrated that could expose internal Label Switching Router interconnections. The research highlighted potential VRF hopping attacks that could allow unauthorized traffic injection between different customer networks in shared MPLS environments.
- 16 Oct 2015
Journey Into Hunting The Attackers
A presentation at BSides Manchester 2015 explored stealthy credential retrieval techniques used by attackers targeting Windows systems. The talk focused on methods for extracting credentials that can bypass Anti-Virus detection. Techniques discussed included using built-in Windows commands and attacker tools designed to remain undetected during system intrusions.
- David Middlehurst James Loureiro
- 5 Jun 2015
Why Bother Assessing Popular Software?
A presentation at BSides London 2015 examined software security vulnerabilities through a case study of Adobe Reader. The analysis focused on investigating the attack surface of the software by examining its JavaScript API, PDF Rendering Engine, and Sandbox. High-risk security vulnerabilities were identified during the detailed technical assessment.
- Jahmel Harris
- 6 Mar 2015
Watch You Lookin' At?
A security presentation at Securi-Tay 2015 examined vulnerabilities in Android Wear wearable devices. The research by Jahmel Harris and Owen Evans revealed potential malware risks for extracting sensitive information from these platforms. Security weaknesses in Android Wear's implementation were discussed as part of the investigation.
- Dave Hartley
- 12 Jun 2014
Native Bridge's Over Troubled Water
Mobile security research by Dave Hartley explored vulnerabilities in mobile advertising networks across multiple platforms. The study investigated cross-platform exploitation potential in Windows Phone, Android, Blackberry, and iOS operating systems. Findings focused on identifying security issues within popular mobile ad networks.
- Jon Butler
- 21 May 2014
Poor Man's Static Analysis - BSides London 2014
A presentation at BSides London 2014 explored using Clang for developing static analysis tools to assist manual code review. The research demonstrated tracing control flow in Google Chrome's DOM event dispatch mechanisms. The approach focused on creating custom static analysis techniques for examining complex software codebases.
- Alex Plaskett
- 14 Apr 2014
Windows Phone 8 Application Security Slides Syscan 2014
MWR researchers Alex Plaskett and Nick Walker presented slides at Syscan 2014 analyzing Windows Phone 8 application security. The presentation covered novel vulnerabilities in mobile app development. Slides provide programmatic guidance for developers to improve Windows Phone 8 application security.
- John Fitzpatrick Luke Jennings
- 20 Dec 2013
Hack the Gibson - Deepsec Edition
A presentation at Deepsec 2013 explored security vulnerabilities in supercomputer technologies. John Fitzpatrick and Luke Jennings from MWR discussed potential attacks against common supercomputer systems. The presentation slides are available for download, providing insights into supercomputer security challenges.
- John Fitzpatrick Luke Jennings
- 18 Sep 2013
Hack the Gibson - 44CON
A presentation at 44CON revealed significant security vulnerabilities in top supercomputers. The talk demonstrated novel attack techniques for compromising large-scale computing infrastructure. Penetration testing exposed lower security standards in high-performance computing systems compared to typical enterprise environments.
- Jon Butler Nils
- 6 Sep 2013
Polishing Chrome for Fun and Profit (NSC)
A presentation at the Nordic Security Conference detailed a full sandbox escape vulnerability in Google Chrome. The vulnerability was successfully exploited at the Pwn2Own 2013 hacking competition. Technical details of compromising Chrome's security mechanisms were demonstrated by MWR's Nils and Jon.
- Alex Plaskett
- 3 Jun 2013
Is Blackberry Dead?
Alex Plaskett from MWR presented an overview of Blackberry 10's security features at the MWR Briefing in 2013. The presentation explored the mobile operating system's security capabilities and potential future. A PDF of the presentation is available for download.
- Dave Hartley
- 6 Dec 2012
SAP Slapping (DeepSec)
Dave Hartley's DeepSec presentation "SAP Slapping" explored vulnerabilities in SAP systems. The talk provided an overview of common misconfigurations and security weaknesses in enterprise software. Metasploit modules were demonstrated to highlight potential security risks in SAP infrastructure.
- Martyn Ruks Nils
- 11 Sep 2012
Security Testing 4G (LTE) Networks
This presentation explores security testing methodologies for 4G (LTE) networks. The shift to IP-based communications in LTE networks introduces potential new security risks. The talk aims to provide insights into network security assessment and potential vulnerabilities in LTE deployments.
- Nils
- 1 Sep 2012
PinPadPwn
A presentation at BlackHat 2012 exposed critical security vulnerabilities in payment terminals. Memory corruption attacks were demonstrated to be possible through complex input handling and network interfaces. The research highlighted potential code execution risks in payment terminal systems.
- Dave Hartley
- 27 Apr 2012
SAP Slapping
Dave Hartley presented the "SAP Slapping" talk at CRESTCon and BSides London, exploring common vulnerabilities in SAP systems. The presentation provided an overview of SAP security misconfigurations. Metasploit modules were demonstrated to highlight potential security weaknesses in SAP infrastructure.
- Alex Plaskett
- 10 Nov 2011
Blue Hat v11 Executive Briefings: Win Phone 7 OEM Fail
A presentation at Blue Hat v11 executive briefings examined Windows Phone 7 security research. The briefing covered vulnerability trends and potential platform security improvements. It provided a high-level overview of security research findings for the Windows Phone 7 platform.
- Alex Plaskett
- 10 Nov 2011
Windows Pwn 7 OEM - Owned Every Mobile?
Alex Plaskett presented research on Windows Phone 7 security vulnerabilities at multiple cybersecurity conferences. The presentation explored the Windows Phone 7 security model and potential system weaknesses. Technical findings and exploitation techniques were demonstrated during the talks.
- 8 Mar 2010
Video: How To Be An RSol: Effective Bug Hunting in Solaris - ShmooCon 2010
A video from ShmooCon 2010 presents a Ruby-based Solaris debugging library. The presentation includes a video and slides discussing the library and its proof-of-concept tools. Materials from the talk are available online for review.
- 5 Mar 2010
Presentation: ShmooCon 2010 - How To Be An RSol: Effective Bug Hunting in Solaris
Matt Hillman presented a research talk at ShmooCon 2010 about Solaris bug hunting techniques. The presentation demonstrated a Ruby-based debugging interface for Solaris that enables advanced software testing methods. The tool supports fault monitoring, code coverage, run tracing, code profiling, and fault injection.
- 18 Jan 2010
Solaris Debugging and Bug Hunting at ShmooCon 2010
Matt Hillman introduces RSol, a Ruby-based debugging tool for Solaris at ShmooCon 2010. The tool explores the effectiveness of DTrace for bug hunting and reverse engineering compared to traditional debugging techniques. RSol aims to become a comprehensive suite that combines debugging and DTrace-based methods.
- Luke Jennings
- 3 Dec 2009
DeepSec 2009 - Weapons of Mass Pwnage: Attacking Deployment Solutions
A presentation at DeepSec 2009 in Vienna explored security vulnerabilities in Symantec's Altiris Deployment Solution. Luke Jennings discussed potential weaknesses in enterprise deployment technologies. Presentation slides were made available to conference attendees.
- Luke Jennings
- 3 Dec 2009
Weapons of Mass Pwnage: Attacking Deployment Solutions - DeepSec 2009
A presentation at DeepSec 2009 explored security vulnerabilities in Symantec's Altiris Deployment Solution. The talk by Luke Jennings examined potential weaknesses in enterprise deployment technologies. Presentation slides are available for download from the original source.
- Rafael Dominguez Vega
- 29 Oct 2009
USB Attacks: Fun with Plug and 0wn - T2'09
A presentation on USB attack techniques was given by Rafael Dominguez Vega at T2'09 in Helsinki, Finland. The presentation explored vulnerabilities related to USB attacks. Accompanying slides and an advisory were released detailing the research findings.
- Luke Jennings
- 7 Sep 2009
Attacking Altiris at DeepSec '09
Luke Jennings will present research on vulnerabilities in Symantec's Altiris Deployment Solution at DeepSec '09 in Vienna. The presentation will focus on security issues in deployment technologies. Cybersecurity professionals interested in deployment solution security are encouraged to attend the conference.
- Rafael Dominguez Vega
- 4 Aug 2009
Fun with Plug & 0wn
Rafael Dominguez Vega presented USB security research at Defcon 17 in Las Vegas on August 2nd, 2009. The presentation materials discussing USB security vulnerabilities are available for download. The talk focused on research findings related to USB security.
- Rafael Dominguez Vega
- 15 Nov 2008
DeepSec 2008 - Behind Enemy Lines: Administrative Web Application Attacks
At DeepSec 2008, Rafael Dominguez Vega presented research on administrative web application attacks. The presentation focused on script injection vulnerabilities in SSID and DHCP systems. Demonstration techniques for exploiting administrative web interfaces were discussed in the talk.
- Rafael Dominguez Vega
- 15 Nov 2008
Presentation: DeepSec 2008 - Behind Enemy Lines: Administrative Web Application Attacks
A presentation at DeepSec 2008 by Rafael Dominguez Vega explored administrative web application attacks. The talk focused on script injection vulnerabilities discovered through SSID and DHCP attack vectors. Presentation slides are available for download and review.
- John Fitzpatrick
- 12 Aug 2008
DefCon16 - Virtually Hacking
A presentation by John Fitzpatrick from MWR InfoSecurity at DefCon 16 explored VMware security vulnerabilities. The talk focused on potential attack vectors in virtualized environments. The full presentation is available for download from the MWR InfoSecurity labs website.
- Rafael Dominguez Vega
- 26 Oct 2007
FIST 2007 - Inspect a Gadget
A presentation by Rafael Dominguez Vega explores security vulnerabilities in Windows Vista Sidebar Gadgets. The research investigates potential attack vectors targeting these gadgets. Best practice recommendations are provided for mitigating security risks associated with sidebar gadget implementations.
- Martyn Ruks
- 3 Aug 2007
DefCon 15 - Websphere MQ
A presentation about IBM Websphere MQ software security was delivered at DefCon 15 in Las Vegas on August 3rd, 2007. The presentation was given by MWR InfoSecurity and the slides are available for download from their website.
- Martyn Ruks
- 5 Aug 2006
DefCon 14 - IBM Networking
A presentation by Martyn Ruks at DefCon 14 in 2006 explored IBM network security testing methodologies. The talk focused on identifying potential vulnerabilities in IBM network infrastructure. Specific network security assessment techniques for IBM systems were discussed during the presentation.