Showing Posts About

Withsecure threat intelligence team

  • 24 Dec 2019

Hackin' around the Christmas tree

A vulnerability was discovered in the Abis HD6000+ SMART Android projector that allows remote code execution on the local network. The vulnerability stems from an unauthenticated HTTP endpoint on port 9909 that enables command execution. An attacker can potentially escalate the attack to a wide-area network remote code execution scenario using WebRTC techniques.

  • 20 Dec 2019

Opening Up the Samsung Q60 series smart TV

A technical analysis was conducted on the Samsung Q60 series smart TV, exploring its hardware, firmware, and network services through detailed reverse engineering techniques. The investigation involved board-level analysis, extracting and examining the eMMC flash memory, and investigating the proprietary VDFS filesystem. Multiple approaches were used to understand the TV's internal architecture, including examining debug ports, firmware upgrade processes, and network services.

  • 15 Nov 2019

Prince of the Honeycomb

A critical heap-buffer overflow vulnerability was discovered in Prince XML, a PDF conversion tool used by the Honeycomb application. The vulnerability was found through fuzzing and binary analysis of TIFF image parsing code. By crafting a malicious TIFF file, an attacker could potentially achieve remote command execution when processing specially crafted image files.

  • 6 Nov 2019

OU having a laugh?

A novel attack technique exploits Group Policy Object (GPO) processing in Active Directory by manipulating the gpLink attribute. An attacker with OU modification rights can redirect GPO resolution to a rogue domain controller, potentially compromising computers and users within that OU. The attack leverages default Active Directory configurations and can be executed with minimal domain user permissions.

  • 1 Nov 2019

Automating Pwn2Own with Jandroid

Jandroid is an automated tool designed to help identify potential logic bugs in Android applications. The tool uses configurable templates to analyze APK files, searching for specific patterns in Android manifests and code. By reducing manual analysis effort, Jandroid enables semi-automatic detection of exploitable vulnerabilities in mobile applications.

  • 15 Feb 2019

Ventures into Hyper-V - Fuzzing hypercalls

A technical investigation explored fuzzing Hyper-V hypercalls using a custom kernel driver called Virdian Fuzzer (VIFU). The research systematically tested both documented and undocumented hypercalls in Microsoft's virtualization platform. The project involved complex technical analysis of hypercall mechanisms, address translation, and potential vulnerabilities in the Hyper-V architecture.

  • 17 Jan 2019

CAPTCHA-22: Breaking Text-Based CAPTCHAs with Machine Learning

A machine learning technique was developed to break text-based CAPTCHAs using an Attention-based OCR model. By manually labeling training data from a large dataset of CAPTCHA images, near-perfect accuracy was achieved in solving various CAPTCHA implementations. The study demonstrated how machine learning can effectively bypass traditional text-based CAPTCHA systems with minimal computational resources.

  • 11 Jan 2019

Attacking Kubernetes through Kubelet

A method of attacking Kubernetes clusters by exploiting the default kubelet configuration is detailed in this article. The vulnerability allows anonymous authentication to the kubelet API, enabling attackers to list pods, execute commands in containers, and potentially obtain service account tokens. These tokens can be used to access the kube-apiserver and gain deeper access to the Kubernetes cluster.

  • 31 Oct 2018

Undisable Restricted Admin

Restricted Admin mode is a Windows feature that prevents credential caching during RDP sessions by using network logons instead of interactive logons. The mode offers protection against lateral movement in network environments, though it introduces a minor pass-the-hash attack vector. Organizations can enable this control by modifying registry settings and group policy to enhance network security.

  • 23 Aug 2018

DNS Rebinding Headless Browsers

A DNS rebinding attack technique targeting headless browsers running on AWS was demonstrated. The attack can exploit the AWS metadata endpoint by manipulating DNS and causing browsers to hang, potentially allowing exfiltration of sensitive AWS credentials. The method bypasses same-origin policy restrictions by dynamically changing domain IP addresses during browser interactions.

  • 23 Jul 2018

A Guide to Repacking iOS Applications

This technical guide details the process of repacking iOS applications for security research purposes. The methodology covers decrypting application binaries, patching with Frida, generating provisioning profiles, and resigning applications across different scenarios. Key techniques are demonstrated for repacking various types of iOS applications, including those with frameworks, app extensions, and WatchOS companion apps.

  • 18 Jul 2018

Bypassing Memory Scanners with Cobalt Strike and Gargoyle

A novel technique for bypassing memory scanners using the Gargoyle method with Cobalt Strike is demonstrated. The approach involves periodically staging and removing a beacon payload from memory to evade detection by endpoint security solutions. By moving in and out of executable memory at timed intervals, the technique aims to avoid traditional memory scanning techniques.

  • 17 Dec 2017

Finding the Low-Hanging Route

A critical vulnerability was discovered in Cisco's APIC-EM SDN controller that allows unauthorized access to internal network services. By adding a static route and exploiting IP routing configurations, an attacker can bypass network isolation and directly access sensitive internal services without authentication. The vulnerability enables potential compromise of system credentials and unauthorized access to critical infrastructure components like Apache Cassandra and RabbitMQ.

  • 22 Sep 2017

“Tasking” Office 365 for Cobalt Strike C2

A novel Command and Control (C2) technique for Cobalt Strike was demonstrated using Office 365's Exchange Web Services. The technique leverages Outlook tasks as a communication channel to transmit malicious traffic through a legitimate service. The proof-of-concept shows how attackers can use the External C2 interface to create covert communication paths through enterprise collaboration tools.

  • 7 Jul 2017

Using Windows File Auditing to Detect Honeyfile Access

Windows file auditing offers a covert method for detecting unauthorized access to sensitive files on network shares. By configuring native Windows audit policies, detailed logs can be generated when interactions occur with specific "honeyfiles". This technique provides a low-noise, high-fidelity approach to monitoring potential security breaches on file systems.

  • 16 May 2017

DLL Tricks with VBA to Improve Offensive Macro Capability

This article explores advanced VBA macro techniques for bypassing security controls using DLLs. Two key techniques are presented: executing remote COM scriptlets without regsvr32 and storing malicious DLLs as seemingly legitimate Office files. These methods enable attackers to execute payloads while evading traditional security detection mechanisms.

  • 21 Apr 2017

Add-In Opportunities for Office Persistence

This article explores multiple techniques for gaining persistence through Microsoft Office add-ins. Multiple methods are examined, including WLL, XLL, VBA, COM, Automation, VBE, and VSTO add-ins that can execute code when Office applications start. Each add-in type offers unique mechanisms for potential code execution with different technical advantages and limitations.

  • 21 Apr 2017

Logic Bug Hunting in Chrome on Android

A methodology for identifying logic flaws in mobile applications is demonstrated through an analysis of Chrome for Android. The approach focuses on finding logic bugs that enable access to user files and emails without memory corruption exploits. A specific logic bug in Chrome for Android is highlighted as allowing attackers to bypass Android Nougat security mechanisms.

  • 27 Jan 2017

A Tale Of Bitmaps: Leaking GDI Objects Post Windows 10 Anniversary Edition

A novel technique for leaking kernel bitmap object addresses in Windows post-Anniversary Edition is detailed. The method exploits memory reuse in the kernel's paged pool by leveraging accelerator tables and bitmap object allocation. This approach provides a way to retrieve kernel object addresses after previous information leak protections were implemented.

  • 10 Jan 2017

Digital Lockpicking: Why Your Front Door Shouldn't Be On The Internet

A critical vulnerability was discovered in FingerTec/ZKTeco biometric access control devices. The unencrypted UDP protocol allows attackers to create unauthorized admin accounts, extract user data, and potentially unlock doors without authorization. Over 4000 such devices are exposed on the internet, posing significant security risks.

  • 18 Oct 2016

Securing the loading of dynamic code

This article explores the security risks associated with dynamic code loading through reflection in programming languages. It discusses methods to secure reflective code loading, including techniques like hashing, code signing, and file permissions to prevent unauthorized code execution and potential privilege escalation vulnerabilities.

  • 16 Sep 2016

H-field electromagnetic sniffing

An electromagnetic side-channel attack technique using a custom H-field sensor is demonstrated to sniff secret information from electronic devices. The method involves capturing electromagnetic emissions during data transmission using off-the-shelf components like a shielded-loop antenna, low-noise amplifier, and software-defined radio. By processing the captured signals through cross-correlation and statistical analysis, hidden serial communication data can be successfully extracted.

  • 17 Aug 2016

A quick intro to Needle

Needle is an open-source modular framework designed to streamline iOS application security assessments. The tool provides a comprehensive set of modules for binary analysis, storage examination, dynamic analysis, hooking, communications testing, and static code checks. Its modular design allows security professionals to easily conduct thorough iOS app security evaluations.

  • 11 Aug 2016

The hack that changed the blockchain perspective

The 2016 DAO hack on Ethereum exposed a critical recursive call vulnerability in a smart contract. An attacker exploited this flaw to drain 3.6 million ETH, triggering a controversial hard fork that challenged fundamental principles of decentralized blockchain technology. The incident highlighted significant security risks in early blockchain smart contract implementations.

  • 24 Jun 2016

Alice, Bob, and Eve: How quantum technology can secure against adversaries.

Quantum key distribution (QKD) offers a provably secure communication method that protects against potential quantum computer attacks on classical encryption. The technique uses quantum mechanics principles, specifically the Heisenberg uncertainty principle, to ensure uninterceptable communication between parties. QKD provides a robust alternative to traditional encryption methods that could be compromised by quantum computing technologies.

  • 20 Jun 2016

The current state of quantum cryptography, QKD, and the future of information security.

Quantum key distribution (QKD) offers a provably secure communication method based on quantum physics principles. The technology leverages the Heisenberg uncertainty principle to create encryption keys that cannot be intercepted without detection. Commercial QKD systems are being developed to extend communication ranges and integrate with existing security infrastructure.

  • 14 Jun 2016

D-Wave, why all the controversy?

D-Wave's quantum computer uses quantum annealing architecture, specialized for solving optimization problems. Unlike universal quantum computers, it offers significant speed advantages for certain computational tasks but has limitations in quantum scaling and programmability. The computer can solve some optimization problems much faster than classical computers, though its applicability remains restricted to specific problem types.

  • 7 Jun 2016

Quantum paradoxes: Popping the bubble with Shor's algorithm.

Quantum computers pose a significant threat to current cryptographic systems through Shor's algorithm, which can efficiently factor large prime numbers used in encryption. The algorithm leverages quantum mechanical principles and Fourier transforms to break RSA encryption by finding prime factors much faster than classical computers. Increasing investments in quantum technologies suggest that cryptographic systems may become vulnerable in the future as quantum computing capabilities advance.

  • 28 Aug 2015

44Con 2015 Challenge

A cryptic cybersecurity challenge from 44Con 2015 presents a mysterious scenario involving a ransacked room and a complex puzzle. The challenge includes a circuit diagram and a long binary string, suggesting a decoding challenge that requires careful investigation to uncover hidden information.

  • 27 Mar 2015

Disgusting Code: GeoIP lookups in Excel

A blog post describes an unconventional method for performing GeoIP lookups in Excel using native formulas and Maxmind's GeoIP database. The technique involves complex nested Excel formulas to convert IP addresses to decimal and perform lookups without external dependencies or macros. The approach is designed for use on locked-down corporate machines with limited computational resources.

  • 20 Mar 2015

GitLab User Enumeration

A user enumeration vulnerability was discovered in GitLab versions 5.0.0 to 7.5.0 that allows anonymous discovery of usernames through an unauthenticated internal API. The vulnerability enables attackers to potentially exploit source code repositories by enumerating valid usernames and targeting authentication systems. Metasploit modules were developed to demonstrate and exploit this security issue.

  • 16 Mar 2015

HackFu Challenge 2015

MWR's HackFu Challenge 2015 is an invitation-only hacking event offering 10 free tickets to cybersecurity professionals. The challenge involves a sci-fi themed mission to save the planet from an intergalactic threat by solving complex cybersecurity puzzles. Participants must complete challenges by April 30th, 2015, with the opportunity to attend the event in the UK in June.

  • 12 Feb 2015

Popping alert(1) in Flash

This article explores cross-site scripting (XSS) vulnerabilities in Adobe Flash applications. It details how ActionScript can be exploited through unvalidated FlashVars, ExternalInterface calls, and remote content loading techniques. Multiple attack vectors are demonstrated, including manipulating URL parameters, loading malicious XML, and abusing URI schemes in Flash applications.

  • 8 Jan 2015

CVE-2014-8272: A Case of Weak Session-ID in Dell iDRAC

A vulnerability in Dell iDRAC's IPMI v1.5 implementation allows unauthenticated attackers to predict session IDs. The weak session ID generation mechanism enables attackers to inject arbitrary commands into privileged sessions by exploiting predictable session identification. The vulnerability potentially allows privilege escalation across different IPMI communication channels.

  • 10 Dec 2014

Faster fuzzing with Python

This article explores performance optimization techniques for executing external processes in Python. By investigating process spawning methods like subprocess, fork, and posix_spawn, the performance of small binary executions was analyzed. The investigation revealed that using posix_spawn with vfork can significantly improve execution speed compared to traditional subprocess methods.

  • 15 Aug 2014

Windows 8 Kernel Memory Protections Bypass

A technique for bypassing Windows 8 kernel memory protections like SMEP and DEP is demonstrated by manipulating paging structures. The method allows modification of memory page flags to enable user-mode code execution in kernel-mode. By targeting isolated paging structures, an attacker can corrupt page table entries to circumvent kernel memory safeguards on 64-bit Windows systems.

  • 20 Jun 2014

Isolated Heap & Friends - Object Allocation Hardening in Web Browsers

Web browsers have implemented object allocation hardening techniques to mitigate use-after-free vulnerabilities. These techniques include Internet Explorer's Isolated Heap, Firefox's Presentation Arena, and Chrome's PartitionAlloc. Each approach aims to constrain memory allocation strategies and make exploitation more difficult by separating object types and controlling memory reuse.

  • 18 Jun 2014

BeagleBone Black, GNU Radio, and HackRF One

This guide details setting up a BeagleBone Black with Ångström Linux to compile GNU Radio and HackRF drivers. The tutorial provides step-by-step instructions for configuring an embedded Linux system to work with a HackRF One software-defined radio. Configuration involves installing dependencies, setting up system settings, and building software components for software-defined radio applications.

  • 12 Jun 2014

Putting JavaScript Bridges into (Android) Context

This article explores techniques for obtaining Android Context in WebView JavaScript-to-Java bridge vulnerabilities. Multiple methods for retrieving Context are investigated using reflection and Java Native Interface (JNI) techniques. The research demonstrates approaches to accessing system resources and package information during post-exploitation scenarios in Android applications.

  • 5 Jun 2014

Continued Adventures with iOS UIWebViews

This article explores security vulnerabilities in iOS UIWebViews, specifically focusing on custom NSURLProtocol implementations. The research demonstrates how attackers can bypass naive security checks by manipulating HTTP headers and using techniques like XMLHttpRequest to access restricted resources. A proof-of-concept JavaScript payload is presented to illustrate potential exploitation methods for file access and data exfiltration.

  • 2 Jun 2014

HackFu Venue 2014 - Clue Four

A puzzle image from the HackFu Venue 2014 event is presented. The image appears to be part of a challenge or game series. The puzzle was shared by the WithSecure Threat Intelligence Team.

  • 27 May 2014

HackFu Venue 2014 - Clue Three

The blog post presents the third puzzle clue for HackFu 2014, featuring two cryptic images. The images appear to be part of a challenge or puzzle for participants to solve. Minimal context is provided, leaving the puzzle's details intentionally mysterious.

  • 20 May 2014

HackFu Venue 2014 - Clue Two

HackFu 2014's second clue reveals a Western-themed hacking event set in the fictional town of Hacksville. A cryptic image is provided as part of the location discovery challenge. Participants are invited to solve puzzles in a cowboy-inspired adventure.

  • 13 May 2014

HackFu Venue 2014 - Clue One

HackFu 2014 launched an interactive puzzle challenge to reveal its secret event venue location. Participants must solve weekly Only Connect-style puzzles that progressively disclose clues about the event's location. The first person to correctly identify the venue will win a prize.

  • 12 May 2014

HackLab 2014 - Builders are better Breakers

A hardware design project at HackLab 2014 explored electronics and embedded programming to enhance security testing skills. Team members experimented with various electronic components, protocols, and design challenges through hands-on learning. The project aimed to provide practical experience in understanding system design from a builder's perspective.

  • 12 May 2014

HackLab 2014 - Hard disk drives? Squishy disk drives!

A technical investigation examined the security of hardware-encrypted hard drives by exploring potential vulnerabilities in ATA disk protection passwords and microcontroller access. The study focused on self-encrypting drives from Samsung, Intel, and Seagate, analyzing firmware update utilities and potential attack vectors for accessing drive encryption keys. Multiple approaches were pursued to understand the practical security limitations of hardware-encrypted storage devices.

  • 12 May 2014

HackLab 2014 - The JaegerBomber

An experimental project called the JagerBomber attempted to create a quadcopter controlled by an Android phone using OTG functionality and an Arduino. The team aimed to develop a drone capable of navigating and potentially delivering alcohol, but technical challenges prevented a successful launch. The project explored Android's capabilities for serial communication and drone control, demonstrating complex technical integration challenges.

  • 12 May 2014

HackLab 2014

HackLab 2014 was an internal hacking event featuring three technical projects. Projects included building a quadcopter, developing a mysterious hardware project, and exploring hard drive firmware hacking. Participants collaborated in the Basingstoke offices, fueled by pizza and caffeine to tackle innovative technical challenges.

  • 11 Apr 2014

Laravel cookie forgery, decryption, and RCE

A critical vulnerability in Laravel's encryption API allowed attackers to forge session cookies and impersonate users. The flaw enabled potential remote code execution by exploiting weaknesses in MAC verification, IV handling, and PHP object deserialization. Attackers could manipulate cookies to authenticate as any user and potentially inject malicious code through serialized PHP objects.

  • 11 Apr 2014

WordPress auth cookie forgery

A vulnerability in WordPress's authentication cookie validation allows potential cookie forgery through PHP type juggling. The flaw enables attackers to bypass authentication by exploiting non-strict comparison methods in the cookie verification code. Two attack vectors were identified: MAC verification bypass and potential timing attacks to determine expected MAC values.

  • 8 Apr 2014

HackFu Challenge 2014

HackFu 2014 is a prestigious hacking event offering 10 invitations to cybersecurity professionals. The challenge involves solving puzzles and tracking down an enemy agent named Ilichy. Participants can win entry to a multi-day hacking competition in the UK, with potential prizes including event admission, accommodation, and travel support.

  • 20 Dec 2013

Google AdMob Ad Library - Arbitrary Intent Activity Invocation

A vulnerability was discovered in the Google AdMob SDK for Android that allows attackers to manipulate Intent Activities by injecting JavaScript into a WebView. The vulnerability enables arbitrary activity invocation by controlling multiple parameters passed to the 'startActivity' method. Potential remote exploitation can occur by targeting exposed activities in other Android applications.

  • 20 Dec 2013

HackFu 2013: The Movie

A teaser video for HackFu 2013 was released, presenting a puzzle for viewers to solve without hacking or brute force methods. The video hints at the upcoming HackFu 2014 event scheduled for June 26-28, 2014. Participants are challenged to solve the puzzle while allowing others the opportunity to do so independently.

  • 20 Dec 2013

PontiFlex Ad Library - Remote JavaScript Command Execution

A critical vulnerability was discovered in the PontiFlex ad library for Android that enables remote JavaScript command execution. The flaw allows attackers to download and execute arbitrary code, perform directory traversal, and potentially steal files from mobile applications through manipulated WebView JavaScript interfaces. The vulnerability impacts Android apps using the PontiFlex ad library, potentially exposing millions of users to remote code execution risks.

  • 29 Nov 2013

Advanced Persistent Timelords

A thought experiment explores cybersecurity challenges if attackers could manipulate time. The analysis examines potential vulnerabilities in physical access, document security, personnel management, and digital systems under a hypothetical temporal manipulation scenario. The exploration demonstrates how traditional security controls would break down if an attacker could jump to different points in time or pause time itself.

  • 29 Nov 2013

Debug All the Android Things

This blog post describes a technique for enabling debugging on Android applications using Cydia Substrate. The method involves hooking the Android process startup method to force debugging flags, allowing developers to use jdb to interact with and manipulate running Android applications, even for apps not marked as debuggable in their manifest.

  • 27 Nov 2013

Millenial Media Ad Library

A critical vulnerability was discovered in the Millenial Media SDK across mobile platforms. The SDK's WebView implementation allows attackers to perform dangerous actions like file manipulation, clipboard access, audio recording, and cross-application exploitation through malicious JavaScript injection. These security flaws could enable comprehensive mobile device compromise and unauthorized access to sensitive user information.

  • 20 Nov 2013

AppLovin Ad Library SDK: Remote Command Execution via Update Mechanism

A critical vulnerability was discovered in the AppLovin Ad Library SDK for Android that enables remote command execution through an insecure update mechanism. The vulnerability allows attackers to inject malicious code into applications by exploiting the SDK's dynamic class loading process during updates. An attacker can craft a malicious SDK update that gets automatically downloaded and executed when an application starts.

  • 12 Nov 2013

Run SAP, Run

Metasploit modules for SAP system security assessment were developed to comprehensively test SAP enterprise environments. The modules enable penetration testers to discover SAP services, enumerate clients, perform bruteforce attacks, and execute remote commands across different SAP connectors. Multiple attack techniques were demonstrated, including information gathering, credential extraction, and obtaining interactive shells on both Linux and Windows SAP systems.

  • 25 Oct 2013

HackFu - The Final Wrap Up

HackFu 2013 was an immersive cybersecurity event hosted by MWR at the RAF Air Defence Radar Museum. The event featured a Crystal Maze-themed competition with four themed zones: Aztec, Industrial, Medieval, and Futuristic. Teams competed across multiple technical challenges testing skills in networking, forensics, hacking, and problem-solving.

  • 24 Sep 2013

WebView addJavascriptInterface Remote Code Execution

A critical remote code execution vulnerability was discovered in Android WebViews using JavaScript interfaces. The vulnerability allows attackers to execute arbitrary system commands by injecting malicious JavaScript into applications using advertising network SDKs. Analysis revealed that a significant number of Android applications could potentially be compromised through this security flaw.

  • 6 Sep 2013

MWR Labs Pwn2Own 2013 Write-up - Kernel Exploit

A kernel pool overflow vulnerability in Windows 7's Win32k system was demonstrated at Pwn2Own 2013. The exploit involved manipulating message buffer allocations to corrupt kernel memory structures. By carefully controlling message handling and window object properties, kernel-mode code execution was achieved, enabling a sandbox escape in Google Chrome.

  • 5 Sep 2013

Conference Review: Nordic Sec Conf (NSC2013)

The Nordic Security Conference (NSC2013) was held in Reykjavik, Iceland, featuring notable cybersecurity talks on bug bounties, defensive strategies, and cyber conflicts. The conference included high-quality technical presentations, a competitive CTF event, and networking opportunities. Attendees enjoyed the conference's unique venue and the stunning Icelandic landscape.

  • 1 Sep 2013

Introducing drozer

Drozer is an open-source mobile security tool for Android exploit development. It enables advanced payload deployment and post-exploitation through multiple "weasel" techniques for gaining device access. The tool allows security researchers to build exploits, create reverse TCP shells, and escalate privileges on target Android devices.

  • 4 Jul 2013

BSides Challenge Walkthrough

The BSides London 2013 challenge involved analyzing the 'Evil Planner' Android application for security vulnerabilities. Multiple critical security flaws were discovered, including directory traversal in content providers, weak PIN encryption using device ID, and SQL injection in database content providers. These vulnerabilities could allow an attacker to access sensitive user data stored within the application.

  • 5 Jun 2013

Mercury v2.2.1

Mercury, an Android security testing tool, released its final version 2.2.1 with significant updates. The release included a new BSD license, improved PATH functionality, and a new Windows installer. The project will transition to its successor drozer at BlackHat Arsenal.

  • 16 May 2013

HackFu Venue - Clue 7

The 7th clue in a puzzle references a person named Juliet working in Hartley during the 1980s. The clue appears to be part of a cryptic challenge or puzzle context. Specific details about the purpose or full meaning of the clue remain unclear.

  • 16 May 2013

MWR HackLab - Getting Frequency with SDR

A Software Defined Radio (SDR) workshop explored wireless signal interception and replay techniques using tools like USRP E100 and GNU/Radio. The project focused on analyzing low-cost wireless devices, such as 433MHz doorbells, demonstrating vulnerabilities in basic wireless technologies through signal capture and replay attacks.

  • 16 May 2013

MWR HackLab - MWRcade

MWR HackLab developed a custom arcade machine capable of running multiple console emulators across different platforms. The project aimed to create a unified gaming interface using Linux, SDL, and Python for settling office disputes between employees. The machine supports multiple gaming consoles and was designed to enable remote multiplayer gaming between different office locations.

  • 10 May 2013

HackFu Venue - Clue 6

The 6th clue for a HackFu event provides a betting-related instruction. The clue specifies betting on 6 doubles, 4 trebles, and a fourfold accumulator. The context appears to be part of a game or challenge involving betting strategies.

  • 2 May 2013

HackFu Venue - Clue 5

The fifth clue for the HackFu venue location is presented as a mathematical puzzle involving exponents and arithmetic operations. The puzzle requires solving an equation to determine the event's location. This clue is part of a series of puzzles leading to the final venue reveal.

  • 30 Apr 2013

MWR Challenge 2013

MWR InfoSecurity launched its 2013 cybersecurity challenge called "The Hunt for Ilichy". The competition invited participants to solve counter-intelligence puzzles with the opportunity to win tickets to HackFu, their annual hacking event. Ten winners would receive event entry, accommodation, and potentially travel prizes for exceptional submissions.

  • 25 Apr 2013

HackFu Venue - Clue 4

A HackFu event puzzle presents a riddle about a ballet dancer's post-university experience. The clue challenges participants to fill in a two-word blank describing the dancer's situation after graduating. The puzzle is presented as a Blankety Blank-style challenge with an accompanying image.

  • 25 Apr 2013

MWR HackLab - Chubby Data

A team analyzed a massive 9TB internet scan dataset using cloud and NoSQL technologies. Multiple approaches were explored to make the data searchable, including Amazon CloudSearch for FTP banners, SQL databases for NBTStat scan results, and NoSQL databases like CouchDB and ElasticSearch for HTTP headers. The project focused on developing efficient parsing and search techniques for large-scale internet infrastructure data.

  • 25 Apr 2013

MWR HackLab - Root/Beer Fridge

A cybersecurity team created an innovative beer fridge that unlocks through hacking challenges. The system uses a Raspberry Pi and Arduino with solenoid locks to create an interactive reward mechanism for solving technical puzzles. The project aimed to gamify hacking achievements by providing beer as a reward for completing security challenges.

  • 22 Apr 2013

MWR HackLab

MWR Labs hosted an internal hackathon where team members collaborated on diverse technology projects. Participants worked on innovative ideas across areas like data analysis, hardware hacking, and electronic systems. The event fostered creativity and team engagement through hands-on exploration of technical challenges.

  • 19 Apr 2013

MWR Labs Pwn2Own 2013 Write-up - Webkit Exploit

A detailed technical write-up of a WebKit exploit demonstrated at Pwn2Own 2013 describes a type confusion vulnerability in SVG document handling. The exploit leveraged the ability to cast non-SVG elements to SVG elements, enabling precise memory manipulation and control. By chaining multiple exploit stages, the vulnerability allowed leaking pointers, calculating memory addresses, and ultimately achieving code execution in the browser.

  • 18 Apr 2013

HackFu Venue - Clue 3

The third clue for the HackFu venue location is revealed as a mathematical puzzle. The cryptic clue "I squared plus two" presents a mathematical challenge to participants seeking the event's location. The clue is accompanied by an image, adding to the mysterious nature of the venue reveal.

  • 12 Apr 2013

HackFu Venue - Clue 2

The blog post reveals the second cryptic clue for the HackFu event venue location. The clue is a poetic line: "Of thy tongue's uttering, yet I know the sound." The specific meaning of the clue remains enigmatic, suggesting a puzzle or riddle about the event's destination.

  • 3 Apr 2013

HackFu Venue - Clue 1

The first clue for HackFu's venue location references the famous "Remember, remember" line, specifically mentioning "the Vth". This cryptic hint is part of a series of clues designed to guide participants in discovering the event's location. The first clue was released as part of a multi-week puzzle to reveal the HackFu venue.

  • 28 Mar 2013

Announcing Mercury v2.2

Mercury v2.2, an Android Security Assessment Framework, introduces enhanced auto-completion features for command suggestions. The update maintains separate command histories for different contexts and improves ContentProvider interaction stability. A vulnerable Android app called Sieve is released to help security practitioners practice using the framework.

  • 11 Mar 2013

BSides Challenge

MWR Labs hosted a cybersecurity challenge focused on analyzing the "Evil Planner" Android application. The challenge invited participants to find vulnerabilities that would allow BigCorp to extract encrypted data from a potentially malicious employee's device. Multiple prizes were offered for discovering and exploiting application security weaknesses.

  • 6 Mar 2013

Pwn2Own at CanSecWest 2013

MWR Labs demonstrated a full sandbox bypass exploit against Google Chrome at Pwn2Own 2013. The exploit leveraged vulnerabilities to gain code execution in the renderer process and bypass ASLR and DEP protection mechanisms. Memory address leakage techniques were used to execute arbitrary commands outside the browser sandbox.

  • 14 Feb 2013

2013 Summer Internship Positions

MWR is recruiting paid summer internship positions in Basingstoke for students and security enthusiasts. Interns will work on personal research projects and gain hands-on experience in information security consultancy. The internship offers opportunities to work with a research team and potentially secure a junior position after completion.

  • 7 Feb 2013

Announcing Mercury v2.1

Mercury v2.1, an Android security assessment framework, introduces three key improvements. Modules can now be installed directly from an online repository. Connections between the Mercury console and device can be secured with SSL and optional password protection. Performance optimizations have been made to the Mercury Agent to improve efficiency and resource management.

  • 14 Dec 2012

What's New in Mercury v2?

Mercury v2.0 introduces a completely rewritten architecture with modular reflection-based functionality. Infrastructure Mode enables remote device connectivity across firewalls and NAT. The user interface has been streamlined to provide faster, more direct access to Mercury's capabilities.

  • 19 Sep 2012

Mobile Pwn2Own at EuSecWest 2012

MWR Labs demonstrated a critical Android vulnerability at EuSecWest 2012 targeting a Samsung Galaxy S3 running Android 4.0.4. The exploit used NFC to upload a malicious file, enabling code execution and privilege escalation. Through multiple vulnerabilities, the team could exfiltrate user data and compromise the device's security by bypassing Android's exploit mitigation features.

  • 13 Sep 2012

SAP Smashing (Internet Windows)

SAProuter is a SAP network proxy that can route TCP connections through firewalls. A proof-of-concept technique was developed to establish native connections through SAProuter. The method allows routing network connections and was demonstrated by integrating with Metasploit to access systems behind the proxy.

  • 7 Sep 2012

Mercury v1.1 is Released

Mercury v1.1 is an Android security testing framework with enhanced compatibility for newer Android versions. The release introduces a Reflection Interface for dynamic feature addition and includes new modules for comprehensive security scanning of Android devices and applications. Key improvements enable security professionals to more efficiently analyze potential vulnerabilities in Android systems.

  • 3 Sep 2012

SAP Parameter Injection

A vulnerability in SAP's Host Control service enables remote unauthenticated command execution on Windows SAP systems using SAP MaxDB. The attack involves manipulating parameters of the dbmcli executable to write and execute attacker-controlled commands. Metasploit modules were developed to demonstrate command injection across different SAP system interfaces.

  • 1 Sep 2012

A Look at the BlackBerry OS as a Secure Platform for Third Party Applications

This article examines critical security vulnerabilities in the BlackBerry OS for third-party applications running in the BlackBerry Internet Service environment. Key security issues include unprotected data storage, insecure data transmission, and weak application sandboxing that could allow malicious apps to compromise device security. The study reveals multiple attack vectors such as database manipulation, input simulation, and unauthorized screenshots.

  • 23 Aug 2012

Mercury Reflection

Mercury developed a dynamic reflection interface for Android security assessment that enables runtime code execution and plugin creation. The interface allows developers to load Java code dynamically on the server side without modifying the core application. This approach provides flexible functionality for examining and interacting with Android applications through a simple set of reflection methods.

  • 20 Jul 2012

Hacking Embedded Devices: UART Consoles

Hardware hacking techniques can provide root-level access to embedded devices through UART console interfaces. By physically inspecting circuit boards and identifying specific pins, access to hidden device consoles can be obtained. The methodology involves using tools like oscilloscopes and logic analyzers to locate and interact with serial interfaces on devices such as routers and modems.

  • 18 Jul 2012

Incognito v2.0 Released

Incognito v2.0 is a Windows security tool for token enumeration and manipulation. The new version introduces multi-host input, multi-threading, grepable output, quiet mode, and improved handling of administrative privileges. Key improvements include better API compatibility, enhanced token discovery across multiple systems, and more flexible output options for security professionals.

  • 11 Jun 2012

HackFu 2012

HackFu 2012, a cybersecurity event, is scheduled for June 28th. Multiple Twitter accounts will provide live updates during the event. Participants can follow the action on designated Twitter handles like @umd9, @_cyberdyne_, @r3dl4nd, and @neweurope_.

  • 6 Jun 2012

veripy is Released

MWR Labs released veripy, an open-source testing tool for IPv6 network transition. The tool aims to build confidence in hardware and software products supporting IPv6 networking. veripy is designed to help organizations navigate the complex shift from IPv4 to IPv6 infrastructure.

  • 30 Apr 2012

Building Android Java/JavaScript Bridges

This article explores security vulnerabilities in Android WebView implementations, focusing on Java/JavaScript bridges. It examines methods like addJavascriptInterface and method overriding that allow native code exposure to web content. The research highlights potential attack vectors in cross-platform mobile application development frameworks, particularly in PhoneGap.

  • 27 Apr 2012

MWR SAP Metasploit Modules

Metasploit modules were developed to assess SAP systems through Remote Function Calls (RFC). The modules enable security professionals to enumerate SAP clients, brute force logins, extract user hashes, and execute arbitrary commands across different SAP system configurations.

  • 23 Apr 2012

Adventures with Android WebViews

This article provides guidance on securing Android WebViews by implementing best practices for mobile application security. Key recommendations include disabling JavaScript and plugins, restricting file system access, and implementing resource inspection techniques to prevent potential vulnerabilities. The article details methods for intercepting and controlling resource loading within WebViews to enhance mobile application security.

  • 20 Apr 2012

HackFu Challenge 2012

HackFu 2012 is a cybersecurity challenge event sponsored by MWR in the UK targeting recent graduates and students. The competition offers 10 participants a chance to solve technical challenges in a futuristic "EarthDate: 2139" themed event. Participants will compete in teams at a secret location in the UK, solving various security-related challenges.

  • 18 Apr 2012

HackFu 2012

HackFu 2012 is a cybersecurity event scheduled for June 28-30, set in a futuristic scenario of the year 2139. A select group of invited participants will compete in team challenges. The specific location and challenge details remain a closely guarded secret.

  • 16 Apr 2012

Adventures with iOS UIWebviews

This article explores security challenges with iOS UIWebviews, focusing on techniques to mitigate risks when loading remote content. It discusses methods for implementing secure WebView interactions, including using SSL/TLS, implementing URL request inspection, and carefully managing content loading to prevent unauthorized access to local resources.

  • 2 Mar 2012

Summer Internship Positions

MWR InfoSecurity offers paid summer internships for computer science students interested in cybersecurity research. Internships are approximately 12 weeks long and based in the UK offices. Candidates from second or third year of university with a strong interest in applied computer security are encouraged to apply.

  • 5 Jan 2012

Distributed Hash Cracking on the Web

A distributed hash cracking project explored using WebGL and WebCL technologies to crack password hashes through web browsers. WebGL proved unsuitable for hash computation, but WebCL showed promising performance for parallel processing of hash cracking. The project deployed a distributed system using web advertising to harness browser computing power for password retrieval.

  • 14 Dec 2011

veripy: New Project to Support the Migration to IPv6

MWR InfoSecurity launched a new open-source project called veripy to support IPv6 migration. The project aims to develop a tool for testing equipment readiness according to the RIPE 501 specification. The first version of the tool is planned for release in March 2012, with the goal of providing confidence in IPv6 networking hardware and software.

  • 12 Dec 2011

Tell Us Your Incognito Ideas and Win One of 5 Lego Ninjas

Incognito, a tool for exploiting Windows access tokens launched in 2007, seeks community input on potential improvements. The project aims to enhance the tool's effectiveness by gathering feature suggestions from the information security community. As an incentive, five Lego Ninjas will be awarded to the best feature ideas submitted.

  • 2 Dec 2011

How to find Android 0day in no time

WebContentResolver is an Android assessment tool that exposes Content Providers through a web interface. The tool allows security testing of Android Content Providers by enabling queries and revealing potential vulnerabilities like SQL injection. It provides a simple method to explore and test Content Providers using web application testing techniques.

  • 4 Nov 2011

A taste of Finland - T2 2011

T2 2011 was an intimate Finnish cybersecurity conference featuring technical talks from industry experts. The event covered diverse topics including cyber terrorism, botnet disruption, and emerging security research. Speakers presented innovative technical insights across areas like mobile security, firmware extraction, and cyber threat analysis.

  • 14 Jul 2011

USB Fuzzing for the Masses

This article explores USB fuzzing techniques for discovering vulnerabilities in device drivers across different platforms. Multiple approaches to USB fuzzing are discussed, including virtualized fuzzing using Qemu and hardware-based fuzzing methods. The research highlights potential security risks in USB device driver implementations, demonstrating techniques for crash debugging and vulnerability exploitation.

  • 7 Jul 2011

Debuggable Apps in Android Market

A security analysis of Android applications revealed that approximately 5% of popular free apps are shipped with debugging enabled. Debuggable applications can be exploited by malicious apps to establish a JDWP connection and gain full access to the Java process. Developers are advised to disable debugging before shipping applications to prevent potential security risks.

  • 30 Jun 2011

To the victor goes the gold, to the loser ...

HackFu is a cybersecurity challenge involving two complex technical puzzles set on a fictional "Hacker Island". The challenges require solving network forensics and signal interception problems to uncover hidden information. Participants were tasked with investigating a virtual treasure chest theft and decoding enemy communications using provided network captures.

  • 18 May 2011

The Google Android Update Dilemma

The Android update process involves multiple parties including Google, device vendors, and carriers, creating a complex and fragmented security update mechanism. This multi-stage update chain introduces significant delays and vulnerabilities, as patches must pass through numerous intermediaries before reaching end-users. Google's recent update initiative fails to comprehensively address the fundamental security challenges in Android's update ecosystem.

  • 20 Apr 2011

HackFu 2011 - The Countdown Continues

MWR's annual HackFu cybersecurity event is scheduled for early June with the theme "The Secret of Hacker Island". The event will feature a mysterious location and challenging competition, following the previous year's Cold War-themed event in a nuclear bunker. Special guest invitations have been sent out, with event details remaining confidential.

  • 24 Dec 2010

Forensic Readiness: A Primer

Forensic readiness is a critical component of cybersecurity incident management. The article outlines six key strategies for organizations to prepare for potential security incidents, including accepting that incidents will occur, educating staff, maintaining flexible response plans, enabling communication, implementing robust logging, and dedicating appropriate budget and resources.

  • 17 Nov 2010

A Postcard From Finland!

The article recounts the T2'10 security conference held in Helsinki, featuring technical presentations by MWR InfoSecurity researchers. Talks focused on mobile platform and smart card vulnerabilities, including live demonstrations of attacks on Google Android and Palm WebOS devices. The conference emphasized knowledge sharing and technical research in cybersecurity.

  • 18 Oct 2010

Building Android Sandcastles in Android's Sandbox

This paper examines Android's sandbox architecture and security vulnerabilities beyond traditional kernel-level exploits. The study shifts focus to analyzing systemic and third-party application security risks in the Android ecosystem. The research explores potential security weaknesses in Android's application isolation and sandbox implementation.

  • 14 Sep 2010

A Reason to Visit Stockholm in September?

The SEC-T security conference in Stockholm showcased high-quality cybersecurity talks by MWR InfoSecurity. Presentations covered deployment solution risks, physical security penetration testing, and social engineering methodologies. The conference offered innovative and engaging presentations that provided deep insights into security testing techniques.

  • 14 Sep 2010

Career Opportunities at MWR

MWR InfoSecurity is recruiting technical consultants for its Technical Consultancy Team. The company seeks professionals with strong information security skills to work on client projects and MWR Labs initiatives. Interested candidates are invited to submit their CV and covering letter to the recruitment email address.

  • 2 Sep 2010

Assessing the Tux Strength: Part 2 - Into the Kernel

This article examines Linux kernel security features across different distributions. It analyzes memory protection mechanisms and randomization techniques using tools like paxtest. The research reveals varying levels of kernel-level security settings, with most distributions showing vulnerabilities to certain exploitation techniques. Gentoo with a PaX kernel demonstrated the most robust security settings.

  • 16 Aug 2010

Recent Palm webOS Vulnerabilities - MWR InfoSecurity Clarification

MWR InfoSecurity identified two vulnerabilities in Palm WebOS in May 2010. One local service vulnerability was fixed in version 1.4.5, while a vCard parsing vulnerability remained unaddressed. The company aimed to highlight smartphone security risks through responsible disclosure.

  • 16 Jul 2010

Just Arrived! - Max Pwnage

MWR Labs released Max Pwnage trading cards highlighting significant computer security vulnerabilities from the past 30 years. The cards are available to clients and conference attendees at multiple cybersecurity events in 2010. Max Pwnage is a fictional character representing the discovery and exploitation of computer system vulnerabilities.

  • 7 Jul 2010

Palm webOS 1.4.5 fixes security issue found by MWR InfoSecurity

Palm released webOS version 1.4.5 to address a security vulnerability discovered by MWR InfoSecurity. A detailed advisory will be published after most devices have been updated. The update is being distributed by mobile carriers.

  • 2 Jun 2010

Brave New 64-Bit World

The whitepaper examines the transition from 32-bit to 64-bit computing architectures driven by increasing memory requirements. It explores potential security implications that arise when software is ported to 64-bit systems. The document highlights unexpected challenges that emerge during this technological shift.

  • 30 Mar 2010

CanSecWest 2010

CanSecWest 2010 was a cybersecurity conference featuring notable security research presentations and the Pwn2Own hacking contest. Presentations covered diverse topics including collaborative reverse engineering, fuzzing techniques, kernel vulnerabilities, and wireless device security. The Pwn2Own contest demonstrated successful exploits across multiple web browsers and mobile platforms.

  • 8 Mar 2010

Video: How To Be An RSol: Effective Bug Hunting in Solaris - ShmooCon 2010

A video from ShmooCon 2010 presents a Ruby-based Solaris debugging library. The presentation includes a video and slides discussing the library and its proof-of-concept tools. Materials from the talk are available online for review.

  • 25 Jan 2010

Aurora and Web Browser Security

A technical analysis of web browser security in 2010 revealed significant Address Space Layout Randomization (ASLR) vulnerabilities across major browsers. The study compared default installations of Internet Explorer, Firefox, Opera, Safari, and Chrome on Windows 7, highlighting inconsistent implementation of security mitigation techniques. Market share and exploit complexity were identified as key factors in browser security risks.

  • 18 Jan 2010

Google Forensics (...beta)

File carving is a forensic technique for recovering deleted files by extracting data based on file header signatures. Unique web artifacts like Google's commemorative logos can provide contextual information about system usage and activity. This method allows forensic investigators to reconstruct system interactions by analyzing temporary internet files and their visual content.

  • 18 Jan 2010

Solaris Debugging and Bug Hunting at ShmooCon 2010

Matt Hillman introduces RSol, a Ruby-based debugging tool for Solaris at ShmooCon 2010. The tool explores the effectiveness of DTrace for bug hunting and reverse engineering compared to traditional debugging techniques. RSol aims to become a comprehensive suite that combines debugging and DTrace-based methods.

  • 14 Jan 2010

Adobe Reader Exploit on Vista and 7

A vulnerability in Adobe Reader affecting Vista and Windows 7 systems was discovered, impacting the "media.newPlayer" issue. The exploit functions reliably across multiple Adobe Reader versions, even with ASLR and DEP protections enabled. Disabling JavaScript and applying patches are recommended mitigation strategies.

  • 3 Dec 2009

DeepSec 2009 - Weapons of Mass Pwnage: Attacking Deployment Solutions

A presentation at DeepSec 2009 in Vienna explored security vulnerabilities in Symantec's Altiris Deployment Solution. Luke Jennings discussed potential weaknesses in enterprise deployment technologies. Presentation slides were made available to conference attendees.

  • 3 Dec 2009

DeepSec 2009

DeepSec 2009 was a security conference in Vienna featuring diverse cybersecurity presentations. Talks covered topics including wireless keyboard sniffing, GSM encryption vulnerabilities, virtual machine rootkit detection, and browser attack surfaces. The conference provided insights into emerging security research and potential system vulnerabilities across various technological domains.

  • 17 Nov 2009

Singing the Mainframe Security Blues?

This article explores the security challenges of legacy network protocols, particularly Systems Network Architecture (SNA), in enterprise environments. It emphasizes the critical importance of understanding network technologies beyond IP to effectively assess and mitigate security risks. The key message is that comprehensive network security requires deep knowledge of all protocols in use, not just modern IP-based technologies.

  • 7 Sep 2009

Attacking Altiris at DeepSec '09

Luke Jennings will present research on vulnerabilities in Symantec's Altiris Deployment Solution at DeepSec '09 in Vienna. The presentation will focus on security issues in deployment technologies. Cybersecurity professionals interested in deployment solution security are encouraged to attend the conference.

  • 1 Sep 2009

USB Research to be Presented at t2'09

A USB security research presentation will be given at T2 in Finland, focusing on attack methods and vulnerabilities in USB drivers. The talk will explore potential security risks associated with malicious USB devices and techniques for identifying and exploiting driver vulnerabilities. The presentation follows previous research presented at Defcon 17.

  • 7 Aug 2009

Defcon 17

DefCon 17 featured technical talks covering diverse cybersecurity topics including wireless sensor exploitation, USB security vulnerabilities, and router hacking. Presentations explored critical security issues such as extracting encryption keys, inline hooking techniques, and vulnerability disclosure strategies. The conference highlighted emerging research on hardware and software vulnerabilities across technological domains.

  • 4 Jun 2009

EuSecWest 2009 Run Down

EuSecWest 2009 featured technical presentations on cybersecurity vulnerabilities and attack techniques across multiple domains. Talks covered Microsoft exploit mitigations, PCI bus attacks, Trusted Computing vulnerabilities, iPhone security exploits, and Firefox extension risks. The conference provided insights into emerging cybersecurity research and potential system vulnerabilities.

  • 13 Mar 2009

Have you got bad timing?

Timing attacks exploit variations in system response times to extract sensitive information. A specific example involving Citrix Access Gateway revealed that authentication attempts with valid Active Directory usernames took slightly longer to return failed login messages. This timing difference could potentially allow attackers to identify valid usernames and assist in password guessing attempts.

Presentation: DeepSec 2008 - Behind Enemy Lines: Administrative Web Application Attacks

A presentation at DeepSec 2008 by Rafael Dominguez Vega explored administrative web application attacks. The talk focused on script injection vulnerabilities discovered through SSID and DHCP attack vectors. Presentation slides are available for download and review.

  • 15 Sep 2008

Stockholm Sec-T Conference Roundup

The inaugural Sec-T conference in Stockholm featured diverse cybersecurity presentations covering virtualization security, cybercrime, and emerging technological threats. Speakers discussed organized criminal activities, vulnerabilities in operating systems, and enterprise software security challenges. The conference provided insights into cutting-edge security research across multiple domains of information technology.

DefCon16 - Virtually Hacking

A presentation by John Fitzpatrick from MWR InfoSecurity at DefCon 16 explored VMware security vulnerabilities. The talk focused on potential attack vectors in virtualized environments. The full presentation is available for download from the MWR InfoSecurity labs website.

  • 11 Aug 2008

Defcon 16 Talk Review: Advanced Software Armouring and Polymorphic Kung-Fu

Nick Harbour presented PE-Scrambler, an advanced Windows executable packer that manipulates binary code at the disassembly level to obstruct reverse engineering. The tool uses sophisticated techniques like destroying call trees, relocating code chunks, and creating ambiguous disassembly to make binary analysis challenging. Additionally, Harbour demonstrated FindEvil, a tool that detects packed binaries by comparing disassembly size to binary size.

  • 11 Aug 2008

Defcon 16 Talk Review: The Pentest is Dead, Long Live the Pentest

The article reviews a Defcon 16 talk about the evolution of penetration testing from an underground practice to a professional service. It highlights the shift from ad-hoc, tool-driven approaches to a more strategic, methodology-focused discipline. Key recommendations include developing creative testing methods, producing context-rich reports, and maintaining ongoing client partnerships.

  • 11 Aug 2008

Defcon 16 Talk Review: Time-Based Blind SQL Injection Using Heavy Queries and the Marathon Tool

This blog post compiles recent cybersecurity publications from WithSecure Threat Intelligence Team. The page highlights research on topics including AI security, privilege escalation, cyber threats to the Olympics, and mass exploitation of enterprise infrastructure. Multiple publications and advisories are listed, covering various cybersecurity research and vulnerability discoveries.

  • 31 Jul 2008

Behind Enemy Lines: Administrative Application Attacks White Paper released

A white paper by MWR InfoSecurity explores security vulnerabilities in administrative web applications. The research details how alternative network protocols like DHCP and 802.11 can be leveraged to conduct web-based attacks. The paper provides insights into practical exploitation techniques for testing and compromising administrative web applications.