Portcullis Labs is managed by the Portcullis Security Technical Team and provides easier access to our public tools and papers. We built this website to share our knowledge without any barriers. You'll find several tools, papers and presentations, mostly by security geeks for security geeks.
- Local MySQL Password Auditor - Local MySQL Password Auditor is a Python script to assess the strength of the local MySQL access passwords.
- HeaderCheck - HeaderCheck is a Python script used to check the security settings of various headers returned by web servers.
- UNIXSocketScanner - UNIX socket scanner
- get-dhcp-opts - get-dhcp-opts is a tool to discover DHCP/BOOTP servers on your LAN, and dump the DHCP/BOOTP options.
- Big Game Hunting: Simple techniques for bug hunting on big iron UNIX - Presentation on auditing and bug hunting on AIX (as given at 44con 2012)
- rdp-sec-check - A tool to enumerate security settings of an RDP Service (AKA Terminal Services)
- ssl-cipher-suite-enum - A tool to enumerate supported SSL cipher suites
- VulnApp - A vulnerable application written in ASP.NET
- Breaking the links: Exploiting the linker - Presentation on exploiting linkers (as given at Uncon 0x12 and CRESTCon 2010)
- HTML 5 Good Practice Guide
- Web Application Password Reset Good Practice Guide - Over the years of application testing we have seen many bad password reset implementations, so we have put together a good practice guide to help design a secure process for your applications.
- secdump - secdump is a simple Meterpreter module that uploads and runs gsecdump. Nothing fancy, just a time saver.
- nopc - nopc is a Nessus based UNIX patch checker. It utilises Nessus' nasls and instructs you on what data you need to manually get from the system to perform that patch check. This was developed for situations where network connectivity to the systems under review is not possible.
- Attacking Windows Domains - CRESTCon presentation looking at the Windows Domain Authentication model
- Apple iOS In the Workplace - This whitepaper discusses the security of Apple iOS with particular focus on its usage in the workplace.
- SSHatter - Password brute forcer for SSH
- Firefox Lockdown
- Introducing Heyoka: DNS Tunneling 2.0
- OWASP AU 2009 Slides - Slides from OWASP Appsec Australia 2009.
- Insecure Trends in Web 2.0 Applications