Showing Posts About

Software protection

Looting Microsoft Configuration Manager

CMLoot is a PowerShell tool designed to extract and analyze files from Microsoft Configuration Manager network shares. The tool automates exploration of content libraries, helping security professionals discover potentially sensitive information like credentials, certificates, and configuration details. By examining Distribution Points and Content Library structures, CMLoot enables systematic file inventory and selective downloading of interesting files.

Scheduled Task Tampering

This article explores techniques for manipulating Windows scheduled tasks through direct registry modifications. Multiple methods were demonstrated to create and modify tasks without generating standard Task Scheduler logging and event records. The techniques include registry manipulation and Event Tracing for Windows (ETW) tampering, which can be used to establish persistence or execute malicious actions while evading detection.

  • 3 Aug 2021

Playing with PuTTY

This article explores techniques for manipulating PuTTY's source code and session sharing mechanism to capture credentials and execute remote commands. Multiple methods are demonstrated for backdooring PuTTY, including capturing user commands, stealing authentication details, and hijacking SSH sessions through named pipe communications. The techniques provide creative approaches for bypassing security controls during adversarial simulations without traditional keylogging methods.

Heavy Metal Debugging

This article provides a detailed walkthrough of reverse engineering and debugging techniques on IBM zOS using the TSO TEST debugger. A vulnerable C program with a buffer overflow vulnerability is analyzed through low-level assembly language examination. The guide covers compiling, running, and debugging a sample program on the zOS mainframe environment, demonstrating techniques for finding passwords and exploiting buffer overflow vulnerabilities.

Attack Detection Fundamentals 2021: macOS - Lab #1

This article explores macOS attack detection fundamentals using the Mythic post-exploitation framework. It demonstrates initial access via Office macros, persistence techniques using LaunchAgents, and sandbox breakout methods. The focus is on detecting malicious process trees and understanding macOS security mechanisms through practical attack scenarios.

Attack Detection Fundamentals 2021: macOS - Lab #2

This article explores LaunchAgent persistence techniques on macOS, demonstrating how attackers can abuse system functionality to maintain access. Detection methods using Endpoint Security Framework and osquery are discussed to identify suspicious LaunchAgent behavior. Key strategies include monitoring file creation events and analyzing unsigned binaries executed by LaunchAgents.

Attack Detection Fundamentals 2021: macOS - Lab #3

This article explores a macOS attack technique that bypasses Apple's Transparency, Consent & Control (TCC) security mechanism. The attack leverages SSH's full disk access to directly modify the TCC database, allowing unauthorized access to protected system resources. Detection methods are demonstrated, focusing on monitoring local SSH connections and direct database modifications.

Introducing LDAP C2 for C3

A new Command & Control (C2) channel for C3 has been introduced using LDAP for covert communication within networks. The technique enables lateral movement by leveraging user attributes with minimal account compromise. A quick start guide is provided to help deploy LDAP-based C2 channels in network environments.

  • 29 Sep 2020

Application-level Purple Teaming: A case study

An application-level purple teaming approach was demonstrated using a file-sharing web application. The methodology focused on improving logging, alerting, and potential response mechanisms by systematically identifying detection gaps across enumeration and injection attack categories. The project used tools like Elasticsearch, Logstash, Kibana, and ElastAlert to enhance application security detection capabilities.

  • 3 Jul 2020

Attack Detection Fundamentals: Code Execution and Persistence - Lab #1

This article details a cybersecurity lab simulating the Astaroth malware attack chain using Living-off-the-Land (LOLBins) techniques. The lab demonstrates how attackers can exploit Windows utilities like BITSAdmin and ExtExport.exe, along with Alternate Data Streams, to stealthily download and execute malware. Multiple detection strategies are explored, including Sigma rules, event log analysis, and tools like Sysmon for identifying these sophisticated attack methods.

  • 3 Jul 2020

Attack Detection Fundamentals: Code Execution and Persistence - Lab #2

This article explores persistence techniques used by attackers in Windows environments. Two primary methods are demonstrated: adding files to the Startup folder and modifying Windows Registry Run Keys. The guide provides technical insights into malware persistence strategies and detection approaches for cybersecurity professionals.

  • 3 Jul 2020

Helping root out of the container

A container breakout technique exploits AF_LOCAL sockets to smuggle file descriptors into a container. By passing a file descriptor for the root directory, a root user within the container can modify files outside its mount namespace. This attack demonstrates how root access in a container can compromise intended security isolation boundaries.

Attack Detection Fundamentals: Initial Access - Lab #2

This article explores attack detection techniques for initial access using the Koadic post-exploitation framework deployed via an HTA file. The lab focuses on identifying suspicious process and network connection relationships using Sysmon event logs. Key objectives include detecting anomalous binaries and network connections as potential indicators of compromise.

  • 11 Jun 2020

Abusing access to mount namespaces through /proc/pid/root

Linux namespaces can be abused for privilege escalation in containerized environments. Two key attack vectors are demonstrated: creating block devices in Docker containers to bypass access controls and exploiting symlink vulnerabilities through mount and user namespaces. The research highlights potential security risks in container configurations and namespace implementations.

  • 20 May 2020

Releasing the CAPTCHA Cracken

A tool called CAPTCHA Cracken was developed to bypass text-based CAPTCHAs on an Outlook Web App portal. Advanced image preprocessing techniques and browser automation with Pyppeteer were used to overcome significant CAPTCHA recognition challenges. The project demonstrated the vulnerability of traditional text-based CAPTCHAs to machine learning-based automated attacks.

  • 1 May 2020

Bypassing Windows Defender Runtime Scanning

This article details techniques for bypassing Windows Defender's runtime memory scanning by exploiting memory permission limitations. A method was developed using PAGE_NOACCESS memory permissions to prevent detection during suspicious API calls. A custom Metasploit extension called Ninjasploit was created to implement these bypass techniques.

Jamfing for Joy: Attacking macOS in Enterprise

The article details multiple attack vectors against Jamf, a macOS enterprise management platform. Multiple techniques for compromising device management systems are explored, including password spraying, user enumeration, and policy abuse. An open-source Jamf Attack Toolkit was developed to demonstrate and facilitate these cybersecurity vulnerabilities.

How are we doing with Android's overlay attacks in 2020?

Android's Accessibility Services (AAS) can be exploited by malicious apps to perform dangerous actions on a user's device. These actions include keylogging, auto-granting permissions, reading screen content, and performing automated interactions with other apps. The article demonstrates how a malicious app can leverage AAS to potentially steal sensitive information and perform unauthorized actions without user detection.

  • 10 Mar 2020

Making Donuts Explode – Updates to the C3 Framework

The C3 framework's "Exploding Donut" release introduces significant updates to cybersecurity operations. Key improvements include integration with the Covenant C2 framework and Donut for compressed shellcode generation. The ChannelLinter project was added to simplify channel development for cybersecurity professionals.

Rethinking Credential Theft

Physmem2profit is a novel red team tool for credential theft that bypasses traditional LSASS process monitoring. The tool allows remote extraction of credential material by exposing and analyzing physical memory without directly interacting with the LSASS process. It provides an alternative approach to credential theft by leveraging memory forensics techniques on Windows systems.

Forging SWIFT MT Payment Messages for fun and pr... research!

A proof-of-concept attack demonstrated how a fraudulent SWIFT MT103 payment message could be forged and injected directly into a message queue. By leveraging system trust relationships and compromising a Message Queue administrator's access, a payment message could be introduced upstream in the payment processing system. The attack bypassed traditional security controls by targeting the message queue infrastructure rather than payment operators or application interfaces.

  • 17 Jan 2020

Misadventures in AWS

This article details manual techniques for AWS security assessment and privilege escalation during penetration testing. The approach involves generating temporary access keys for multiple AWS roles and systematically collecting data across different accounts using AWS CLI tools. The methodology demonstrates how an attacker with limited initial access can enumerate AWS resources, analyze IAM policies, and potentially escalate privileges within an AWS environment.

Digital lockpicking - stealing keys to the kingdom

A security analysis of the KeyWe Smart Lock revealed critical vulnerabilities in its Bluetooth Low Energy communication protocol. The lock's in-house key exchange mechanism allows attackers to easily intercept and decrypt device communications by exploiting a predictable common key generation process. By analyzing the mobile application and BLE traffic, the vulnerability in the lock's cryptographic design was exposed.

AWS: Such auspices are very hard to read

awspx is a proof-of-concept tool designed to visualize and analyze complex AWS access management relationships. The tool helps identify potential attack paths by mapping out resource interactions and effective access within AWS cloud infrastructure. It addresses the challenge of understanding intricate AWS policy interactions by creating a graph-based representation of resource and action relationships.

Uncommon SQL Database Alert - Informix SQL Injection

An authenticated SQL injection vulnerability was discovered in the Cisco UCM administrative portal using Informix SQL. Custom techniques were developed to enumerate database tables, users, and sensitive information when standard SQLMap tools failed. The research involved creating specialized scripts to exploit the vulnerability by bypassing security restrictions in the database.

  • 15 Nov 2019

Prince of the Honeycomb

A critical heap-buffer overflow vulnerability was discovered in Prince XML, a PDF conversion tool used by the Honeycomb application. The vulnerability was found through fuzzing and binary analysis of TIFF image parsing code. By crafting a malicious TIFF file, an attacker could potentially achieve remote command execution when processing specially crafted image files.

  • 6 Nov 2019

OU having a laugh?

A novel attack technique exploits Group Policy Object (GPO) processing in Active Directory by manipulating the gpLink attribute. An attacker with OU modification rights can redirect GPO resolution to a rogue domain controller, potentially compromising computers and users within that OU. The attack leverages default Active Directory configurations and can be executed with minimal domain user permissions.

  • 22 Feb 2019

AutoCAD - Designing a Kill Chain

A detailed analysis of potential cybersecurity vulnerabilities in AutoCAD reveals multiple attack vectors across the cyber kill chain. The research demonstrates how malicious actors can exploit AutoCAD's features like ActionMacros, AutoLisp scripts, and remote text functionality to gain code execution, establish persistence, and perform lateral movement. Multiple attack techniques were identified that could potentially compromise users in high-value industries through targeted AutoCAD-specific exploitation methods.

  • 15 Feb 2019

Ventures into Hyper-V - Fuzzing hypercalls

A technical investigation explored fuzzing Hyper-V hypercalls using a custom kernel driver called Virdian Fuzzer (VIFU). The research systematically tested both documented and undocumented hypercalls in Microsoft's virtualization platform. The project involved complex technical analysis of hypercall mechanisms, address translation, and potential vulnerabilities in the Hyper-V architecture.

  • 23 Jan 2019

What the Fuzz

Fuzzing is an automated software testing technique that generates random inputs to identify potential vulnerabilities in programs. The article explores fuzzing fundamentals, including its architecture, different approaches like dumb and smart fuzzing, and a selection of fuzzing tools and recent research. The goal is to provide an overview of fuzzing techniques and their potential for discovering software bugs.

  • 17 Jan 2019

CAPTCHA-22: Breaking Text-Based CAPTCHAs with Machine Learning

A machine learning technique was developed to break text-based CAPTCHAs using an Attention-based OCR model. By manually labeling training data from a large dataset of CAPTCHA images, near-perfect accuracy was achieved in solving various CAPTCHA implementations. The study demonstrated how machine learning can effectively bypass traditional text-based CAPTCHA systems with minimal computational resources.

  • 11 Jan 2019

Attacking Kubernetes through Kubelet

A method of attacking Kubernetes clusters by exploiting the default kubelet configuration is detailed in this article. The vulnerability allows anonymous authentication to the kubelet API, enabling attackers to list pods, execute commands in containers, and potentially obtain service account tokens. These tokens can be used to access the kube-apiserver and gain deeper access to the Kubernetes cluster.

  • 2 Nov 2018

HP NonStop Basics

HP NonStop is a fault-tolerant computing platform used in critical transaction systems since 1976. The system features a unique architecture with Guardian and Open System Services environments, and uses specialized security components like Safeguard for user management and access control. The platform employs a distinctive approach to user and file management, with unique identifiers, access control lists, and specific security configurations that differ significantly from standard Unix or Windows systems.

  • 18 Jul 2018

Bypassing Memory Scanners with Cobalt Strike and Gargoyle

A novel technique for bypassing memory scanners using the Gargoyle method with Cobalt Strike is demonstrated. The approach involves periodically staging and removing a beacon payload from memory to evade detection by endpoint security solutions. By moving in and out of executable memory at timed intervals, the technique aims to avoid traditional memory scanning techniques.

Investigating RF Controls with RTL-SDR

A presentation at BSidesNYC 2018 explored Software Defined Radio (SDR) techniques using RTL-SDR to investigate insecure wireless signals. The talk demonstrated how affordable SDR tools can capture and decode simple RF controls like remote switches and car fobs. It highlighted the ongoing vulnerabilities in wireless communication protocols and encouraged exploration of RF security.

  • 22 Sep 2017

“Tasking” Office 365 for Cobalt Strike C2

A novel Command and Control (C2) technique for Cobalt Strike was demonstrated using Office 365's Exchange Web Services. The technique leverages Outlook tasks as a communication channel to transmit malicious traffic through a legitimate service. The proof-of-concept shows how attackers can use the External C2 interface to create covert communication paths through enterprise collaboration tools.

Land, Configure Microsoft Office, Persist

This presentation explores native Microsoft Office add-in mechanisms that can be exploited for persistence on compromised workstations. Various techniques for abusing Office add-ins are analyzed from a red teaming perspective. The talk examines deployment complexity, privilege requirements, and effectiveness in different computing environments.

  • 16 May 2017

DLL Tricks with VBA to Improve Offensive Macro Capability

This article explores advanced VBA macro techniques for bypassing security controls using DLLs. Two key techniques are presented: executing remote COM scriptlets without regsvr32 and storing malicious DLLs as seemingly legitimate Office files. These methods enable attackers to execute payloads while evading traditional security detection mechanisms.

  • 21 Apr 2017

Add-In Opportunities for Office Persistence

This article explores multiple techniques for gaining persistence through Microsoft Office add-ins. Multiple methods are examined, including WLL, XLL, VBA, COM, Automation, VBE, and VSTO add-ins that can execute code when Office applications start. Each add-in type offers unique mechanisms for potential code execution with different technical advantages and limitations.

  • 10 Mar 2017

A Window into Ring0

Sam Brown's presentation explores Windows kernel mode attack surfaces and vulnerabilities in modern systems. The talk covers techniques for finding bugs in kernel mode code and common exploitation methods for gaining system-level access. Brown discusses the increasing trend of attackers targeting kernel mode to bypass user account restrictions and sandboxing.

  • 27 Jan 2017

A Tale Of Bitmaps: Leaking GDI Objects Post Windows 10 Anniversary Edition

A novel technique for leaking kernel bitmap object addresses in Windows post-Anniversary Edition is detailed. The method exploits memory reuse in the kernel's paged pool by leveraging accelerator tables and bitmap object allocation. This approach provides a way to retrieve kernel object addresses after previous information leak protections were implemented.

  • 29 Nov 2016

Hello MS08-067, My Old Friend

A proof-of-concept exploit was developed for the MS08-067 vulnerability targeting 64-bit Windows Server 2003 x64 SP0. The work addressed the lack of publicly available exploits for 64-bit systems vulnerable to this critical remote code execution flaw. The article provides insights into the challenges of 64-bit exploit development without introducing new exploit techniques.

One Template To Rule 'Em All

A presentation explored how Microsoft Office VBA and templates can be exploited as a persistent malware delivery mechanism. The talk demonstrated vulnerabilities in locked-down environments through a proof-of-concept tool called WePWNise. VBA-enabled files remain an attractive attack vector due to business requirements and human factors in targeted attacks.

Static Analysis for Code and Infrastructure

Static analysis techniques for software development are explored in this presentation by Nick Jones at DevSecCon 2016. The talk covers methods like taint checking and control flow graph analysis for identifying software bugs early in the development cycle. Guidance is provided on integrating static analysis tools effectively into development environments and infrastructure.

Fuzzing the Windows kernel

A presentation by Yong Chuan Koh at HITB GSEC 2016 introduced a Python-based fuzzing framework for testing Windows kernel security. The framework is designed to be scalable and extensible for comprehensive kernel vulnerability detection. Presentation slides are available for download from the original source.

Platform Agnostic Kernel Fuzzing

Platform agnostic kernel fuzzing research developed a method for systematically testing system and library calls across Windows and POSIX kernels. The approach focused on effectively logging crashes, reproducing vulnerabilities, and scaling fuzzing across multiple virtual machines. The research provided a framework for identifying kernel-level bugs through comprehensive and methodical testing.

Safer Shellcode Implants

This article discusses techniques for creating safer shellcode implants by implementing runtime security controls. The proposed methods include ensuring single execution through mutex checks, validating the target endpoint using host-specific identifiers, and adding an expiry time to control the implant's lifecycle. Implementation examples are provided in both assembly and C languages to demonstrate these security controls.

Masquerading as a Windows System Binary Using Digital Signatures

This article demonstrates a technique for creating fake digital certificates that mimic Microsoft's code signing certificates. By generating certificates that look like they are from Microsoft and installing a custom root CA, malicious Windows binaries can be signed to appear legitimate. The method allows attackers to create executables that blend in with system processes and potentially evade initial detection.

Persistence Architecture Matters

This article explores the Windows-on-Windows (WOW) redirection layer in 64-bit Windows systems. It explains how filesystem and registry paths are dynamically remapped depending on the process architecture. The technical explanation reveals how 32-bit and 64-bit processes interact with system directories and registry keys differently.

QNX: 99 Problems but a Microkernel ain't one!

This presentation explores security research on the QNX microkernel operating system used in critical systems like automotive and consumer devices. The talk examined QNX's security architecture through reverse engineering and fuzzing techniques. The goal was to provide insights into QNX subsystems and potential attack surfaces for privilege escalation.

QNX: Security Architecture Whitepaper

A whitepaper by Alex Plaskett and Georgi Geshev examines the security architecture of QNX, a microkernel operating system. The document explores key operating system features and potential attack vectors against QNX-based platforms. The research identifies security weaknesses and suggests opportunities for further investigation into the QNX platform's security.

EMV Protocol Fuzzer

An EMV protocol fuzzer was developed to evaluate the security of point-of-sale devices and smartcard systems. The fuzzer enables real-time monitoring and modification of EMV communication streams to identify potential vulnerabilities. The tool includes Python interfaces and robotic automation to facilitate comprehensive security testing of financial transaction technologies.

Why Bother Assessing Popular Software?

A presentation at BSides London 2015 examined software security vulnerabilities through a case study of Adobe Reader. The analysis focused on investigating the attack surface of the software by examining its JavaScript API, PDF Rendering Engine, and Sandbox. High-risk security vulnerabilities were identified during the detailed technical assessment.

  • 12 Feb 2015

Popping alert(1) in Flash

This article explores cross-site scripting (XSS) vulnerabilities in Adobe Flash applications. It details how ActionScript can be exploited through unvalidated FlashVars, ExternalInterface calls, and remote content loading techniques. Multiple attack vectors are demonstrated, including manipulating URL parameters, loading malicious XML, and abusing URI schemes in Flash applications.

Windows Services - All roads lead to SYSTEM

This whitepaper examines security vulnerabilities in Windows services, focusing on configuration-related flaws that can lead to privilege escalation. It explores six key service areas where misconfigurations can provide attackers opportunities to execute arbitrary code with elevated system privileges. The document provides insights into assessing and remediating potential security risks in Windows service configurations.

Hack the Gibson - Deepsec Edition

A presentation at Deepsec 2013 explored security vulnerabilities in supercomputer technologies. John Fitzpatrick and Luke Jennings from MWR discussed potential attacks against common supercomputer systems. The presentation slides are available for download, providing insights into supercomputer security challenges.

  • 6 Sep 2013

MWR Labs Pwn2Own 2013 Write-up - Kernel Exploit

A kernel pool overflow vulnerability in Windows 7's Win32k system was demonstrated at Pwn2Own 2013. The exploit involved manipulating message buffer allocations to corrupt kernel memory structures. By carefully controlling message handling and window object properties, kernel-mode code execution was achieved, enabling a sandbox escape in Google Chrome.

  • 5 Jun 2013

Mercury v2.2.1

Mercury, an Android security testing tool, released its final version 2.2.1 with significant updates. The release included a new BSD license, improved PATH functionality, and a new Windows installer. The project will transition to its successor drozer at BlackHat Arsenal.

Is Blackberry Dead?

Alex Plaskett from MWR presented an overview of Blackberry 10's security features at the MWR Briefing in 2013. The presentation explored the mobile operating system's security capabilities and potential future. A PDF of the presentation is available for download.

  • 19 Apr 2013

MWR Labs Pwn2Own 2013 Write-up - Webkit Exploit

A detailed technical write-up of a WebKit exploit demonstrated at Pwn2Own 2013 describes a type confusion vulnerability in SVG document handling. The exploit leveraged the ability to cast non-SVG elements to SVG elements, enabling precise memory manipulation and control. By chaining multiple exploit stages, the vulnerability allowed leaking pointers, calculating memory addresses, and ultimately achieving code execution in the browser.

  • 28 Mar 2013

Announcing Mercury v2.2

Mercury v2.2, an Android Security Assessment Framework, introduces enhanced auto-completion features for command suggestions. The update maintains separate command histories for different contexts and improves ContentProvider interaction stability. A vulnerable Android app called Sieve is released to help security practitioners practice using the framework.

  • 6 Mar 2013

Pwn2Own at CanSecWest 2013

MWR Labs demonstrated a full sandbox bypass exploit against Google Chrome at Pwn2Own 2013. The exploit leveraged vulnerabilities to gain code execution in the renderer process and bypass ASLR and DEP protection mechanisms. Memory address leakage techniques were used to execute arbitrary commands outside the browser sandbox.

  • 7 Feb 2013

Announcing Mercury v2.1

Mercury v2.1, an Android security assessment framework, introduces three key improvements. Modules can now be installed directly from an online repository. Connections between the Mercury console and device can be secured with SSL and optional password protection. Performance optimizations have been made to the Mercury Agent to improve efficiency and resource management.

  • 14 Dec 2012

What's New in Mercury v2?

Mercury v2.0 introduces a completely rewritten architecture with modular reflection-based functionality. Infrastructure Mode enables remote device connectivity across firewalls and NAT. The user interface has been streamlined to provide faster, more direct access to Mercury's capabilities.

SAP Slapping (DeepSec)

Dave Hartley's DeepSec presentation "SAP Slapping" explored vulnerabilities in SAP systems. The talk provided an overview of common misconfigurations and security weaknesses in enterprise software. Metasploit modules were demonstrated to highlight potential security risks in SAP infrastructure.

  • 19 Sep 2012

Mobile Pwn2Own at EuSecWest 2012

MWR Labs demonstrated a critical Android vulnerability at EuSecWest 2012 targeting a Samsung Galaxy S3 running Android 4.0.4. The exploit used NFC to upload a malicious file, enabling code execution and privilege escalation. Through multiple vulnerabilities, the team could exfiltrate user data and compromise the device's security by bypassing Android's exploit mitigation features.

  • 7 Sep 2012

Mercury v1.1 is Released

Mercury v1.1 is an Android security testing framework with enhanced compatibility for newer Android versions. The release introduces a Reflection Interface for dynamic feature addition and includes new modules for comprehensive security scanning of Android devices and applications. Key improvements enable security professionals to more efficiently analyze potential vulnerabilities in Android systems.

  • 3 Sep 2012

SAP Parameter Injection

A vulnerability in SAP's Host Control service enables remote unauthenticated command execution on Windows SAP systems using SAP MaxDB. The attack involves manipulating parameters of the dbmcli executable to write and execute attacker-controlled commands. Metasploit modules were developed to demonstrate command injection across different SAP system interfaces.

  • 23 Aug 2012

Mercury Reflection

Mercury developed a dynamic reflection interface for Android security assessment that enables runtime code execution and plugin creation. The interface allows developers to load Java code dynamically on the server side without modifying the core application. This approach provides flexible functionality for examining and interacting with Android applications through a simple set of reflection methods.

  • 6 Jun 2012

veripy is Released

MWR Labs released veripy, an open-source testing tool for IPv6 network transition. The tool aims to build confidence in hardware and software products supporting IPv6 networking. veripy is designed to help organizations navigate the complex shift from IPv4 to IPv6 infrastructure.

  • 30 Apr 2012

Building Android Java/JavaScript Bridges

This article explores security vulnerabilities in Android WebView implementations, focusing on Java/JavaScript bridges. It examines methods like addJavascriptInterface and method overriding that allow native code exposure to web content. The research highlights potential attack vectors in cross-platform mobile application development frameworks, particularly in PhoneGap.

  • 27 Apr 2012

MWR SAP Metasploit Modules

Metasploit modules were developed to assess SAP systems through Remote Function Calls (RFC). The modules enable security professionals to enumerate SAP clients, brute force logins, extract user hashes, and execute arbitrary commands across different SAP system configurations.

SAP Slapping

Dave Hartley presented the "SAP Slapping" talk at CRESTCon and BSides London, exploring common vulnerabilities in SAP systems. The presentation provided an overview of SAP security misconfigurations. Metasploit modules were demonstrated to highlight potential security weaknesses in SAP infrastructure.

  • 12 Dec 2011

Tell Us Your Incognito Ideas and Win One of 5 Lego Ninjas

Incognito, a tool for exploiting Windows access tokens launched in 2007, seeks community input on potential improvements. The project aims to enhance the tool's effectiveness by gathering feature suggestions from the information security community. As an incentive, five Lego Ninjas will be awarded to the best feature ideas submitted.

Blue Hat v11 Executive Briefings: Win Phone 7 OEM Fail

A presentation at Blue Hat v11 executive briefings examined Windows Phone 7 security research. The briefing covered vulnerability trends and potential platform security improvements. It provided a high-level overview of security research findings for the Windows Phone 7 platform.

  • 16 Aug 2010

Recent Palm webOS Vulnerabilities - MWR InfoSecurity Clarification

MWR InfoSecurity identified two vulnerabilities in Palm WebOS in May 2010. One local service vulnerability was fixed in version 1.4.5, while a vCard parsing vulnerability remained unaddressed. The company aimed to highlight smartphone security risks through responsible disclosure.

  • 5 Mar 2010

Presentation: ShmooCon 2010 - How To Be An RSol: Effective Bug Hunting in Solaris

Matt Hillman presented a research talk at ShmooCon 2010 about Solaris bug hunting techniques. The presentation demonstrated a Ruby-based debugging interface for Solaris that enables advanced software testing methods. The tool supports fault monitoring, code coverage, run tracing, code profiling, and fault injection.

IBM WebSphere MQ Security Part 1

This whitepaper examines security vulnerabilities in IBM WebSphere MQ middleware, a widely used enterprise messaging system. It highlights the complexity of securing middleware environments and introduces a penetration testing methodology for assessing WebSphere MQ security. The research aims to provide insights for security professionals responsible for protecting complex messaging infrastructure.

Security Implications of Windows Access Tokens

A whitepaper by Luke Jennings explores the security implications of Windows access tokens in enterprise environments. The document details how access token design can be exploited during penetration testing, highlighting systemic vulnerabilities in corporate security controls. The paper discusses the technical mechanisms of Windows access tokens and provides insights into potential post-exploitation techniques.

Considerations for the Secure Rollout of Sidebar Gadgets on Windows Vista

This white paper analyzes the security implications of Windows Vista's Sidebar Gadgets feature. It explores potential attack vectors and risks associated with the new technology. The document provides recommendations for a secure implementation of Sidebar Gadgets.

DefCon 15 - Websphere MQ

A presentation about IBM Websphere MQ software security was delivered at DefCon 15 in Las Vegas on August 3rd, 2007. The presentation was given by MWR InfoSecurity and the slides are available for download from their website.