Showing Articles About
whitepaper
- 6 May 2020
U-Booting securely
This whitepaper analyzes security vulnerabilities and misconfigurations in U-Boot for embedded systems. It provides guidance to developers on securing hardware products against potential security compromises. The analysis is based on real-world research by hardware security experts investigating secure boot implementations.
-
Fabian Beterke - 29 Oct 2018
Apple Safari Pwn2Own 2018 Whitepaper
This whitepaper details two Safari vulnerabilities demonstrated at Desktop PWN2OWN 2018. The vulnerabilities (CVE-2018-4199 and CVE-2018-4196) allowed full compromise of macOS systems running Safari 11.0.3. The exploits could potentially breach user data on the affected systems.
- James Loureiro
- 26 Apr 2018
Huawei Mate 9 Pro Mobile Pwn2Own 2017
A whitepaper details vulnerabilities discovered in the Huawei Mate 9 Pro during Mobile Pwn2Own 2017. The document focuses on security issues found in the Huawei Reader and HIApp applications. Technical details of the vulnerabilities and exploitation methods are presented in the document.
- Fabian Beterke
- 16 Apr 2018
Apple Safari - Wasm Section Exploit
A technical investigation was conducted into a vulnerability in Apple Safari's Web Assembly (Wasm) implementation discovered during Pwn2own 2018. The vulnerability (CVE-2018-4121) was found in the relatively new Wasm component of WebKit, which was likely less thoroughly tested. The paper details technical exploration of the exploit techniques on macOS 10.13.3.
- Mateusz Fruba
- 19 Sep 2017
Kernel Driver mmap Handler Exploitation
This whitepaper explores exploitation techniques for Linux kernel driver memory mapping vulnerabilities. The research addresses the lack of public documentation on identifying and exploiting security flaws in kernel driver development. The goal is to provide guidance for developers to understand and mitigate memory mapping issues in kernel drivers.
- 29 Nov 2016
Hello MS08-067, My Old Friend
A proof-of-concept exploit was developed for the MS08-067 vulnerability targeting 64-bit Windows Server 2003 x64 SP0. The work addressed the lack of publicly available exploits for 64-bit systems vulnerable to this critical remote code execution flaw. The article provides insights into the challenges of 64-bit exploit development without introducing new exploit techniques.
- 23 Mar 2016
LoRa Security: Building a secure LoRa solution
A whitepaper by Rob Miller explores the security aspects of LoRaWAN technology. The document provides insights into securing LoRa systems and understanding potential attack methodologies. It aims to help developers comprehend their security responsibilities when building LoRa solutions.
- Alex Plaskett Georgi Geshev
- 16 Mar 2016
QNX: Security Architecture Whitepaper
A whitepaper by Alex Plaskett and Georgi Geshev examines the security architecture of QNX, a microkernel operating system. The document explores key operating system features and potential attack vectors against QNX-based platforms. The research identifies security weaknesses and suggests opportunities for further investigation into the QNX platform's security.
- Alex Plaskett
- 14 Apr 2014
Windows Phone 8 Application Security Whitepaper Syscan 2014
A whitepaper on Windows Phone 8 application security was presented at Syscan 2014. The research identified common developer mistakes that introduce security vulnerabilities in Windows Phone 8 applications. The whitepaper provides guidance on detecting and mitigating specific application security weaknesses in the platform.
- Nils
- 18 Oct 2010
Building Android Sandcastles in Android's Sandbox
This paper examines Android's sandbox architecture and security vulnerabilities beyond traditional kernel-level exploits. The study shifts focus to analyzing systemic and third-party application security risks in the Android ecosystem. The research explores potential security weaknesses in Android's application isolation and sandbox implementation.
- Martyn Ruks
- 14 Sep 2010
Middleware Risks: Guidance for IT Security Managers
A whitepaper examines risks associated with middleware technologies, specifically WebSphere MQ. The document provides guidance for IT security managers on assessing and addressing potential vulnerabilities in middleware systems. The goal is to help organizations better understand and mitigate middleware-related security risks.
- Martyn Ruks
- 13 Aug 2010
Banking Sector Security - Annual Research Review
MWR Labs published its annual research review focused on security technologies in the banking sector for 2010. The whitepaper provides insights into cybersecurity research conducted within financial services. The document aims to share findings and technological assessments from investigations during that year.
- 2 Jun 2010
Brave New 64-Bit World
The whitepaper examines the transition from 32-bit to 64-bit computing architectures driven by increasing memory requirements. It explores potential security implications that arise when software is ported to 64-bit systems. The document highlights unexpected challenges that emerge during this technological shift.
- 2 Jun 2010
Journey to the Centre of the Breach
This whitepaper explores computer forensics techniques for investigating a server security breach. It details a case study of an FTP server incident, demonstrating how digital forensic methods can be applied to log file analysis and malware reverse engineering. The document highlights the broader application of forensic investigation techniques beyond law enforcement.
- John Fitzpatrick
- 7 May 2009
HashCookies - A Simple Recipe
HashCookies is a session security technique that uses random salt and hashing to generate browser-specific session cookies. The method prevents session hijacking by making stolen session IDs unusable without the original salt. Implementation requires support from both web browsers and web servers to generate secure, context-specific session identifiers.
- Rafael Dominguez Vega
- 31 Jul 2008
Behind Enemy Lines: Administrative Application Attacks White Paper released
A white paper by MWR InfoSecurity explores security vulnerabilities in administrative web applications. The research details how alternative network protocols like DHCP and 802.11 can be leveraged to conduct web-based attacks. The paper provides insights into practical exploitation techniques for testing and compromising administrative web applications.
- Martyn Ruks
- 6 May 2008
IBM WebSphere MQ Security Part 1
This whitepaper examines security vulnerabilities in IBM WebSphere MQ middleware, a widely used enterprise messaging system. It highlights the complexity of securing middleware environments and introduces a penetration testing methodology for assessing WebSphere MQ security. The research aims to provide insights for security professionals responsible for protecting complex messaging infrastructure.
- Luke Jennings
- 16 Apr 2008
Security Implications of Windows Access Tokens
A whitepaper by Luke Jennings explores the security implications of Windows access tokens in enterprise environments. The document details how access token design can be exploited during penetration testing, highlighting systemic vulnerabilities in corporate security controls. The paper discusses the technical mechanisms of Windows access tokens and provides insights into potential post-exploitation techniques.
- Rafael Dominguez Vega
- 27 Sep 2007
Considerations for the Secure Rollout of Sidebar Gadgets on Windows Vista
This white paper analyzes the security implications of Windows Vista's Sidebar Gadgets feature. It explores potential attack vectors and risks associated with the new technology. The document provides recommendations for a secure implementation of Sidebar Gadgets.