Portcullis Labs - Presentations
http://labs.portcullis.co.uk
Labs Portcullis updates.
Fri, 15 Feb 2013 16:55:22 GMT

Big Game Hunting: Simple techniques for bug hunting on big iron UNIX | Content
Mon, 10 Sep 2012 14:32:41 GMT
http://labs.portcullis.co.uk/application/big-game-hunting-simple-techniques-for-bug-hunting-on-big-iron-unix/
<p>Presentation on auditing and bug hunting on AIX (as given at 44con 2012).</p>
<p>Simple techniques for bug hunting on big iron UNIX. The talk will build on the work previously done in my &ldquo;Breaking The Links&rdquo; paper but will focus on AIX and associated IBM products. The talk will include some new bugs as well as going through a simple methodology for finding them.</p>

Breaking the links: Exploiting the linker | Content
Tue, 27 Mar 2012 01:26:35 GMT
http://labs.portcullis.co.uk/application/breaking-the-links-exploiting-the-linker/
<p>Presentation on exploiting linkers based on <a href="http://www.nth-dimension.org.uk/downloads.php?id=77">my paper</a> (as given at Uncon 0x12 and CRESTCon 2010).</p>
<p>I am currently working on an update to the paper which will focus on other UNIX-like OSes with the aim of sharing some of my findings at a future conference.</p>

Attacking Windows Domains | Content
Fri, 23 Mar 2012 13:23:10 GMT
http://labs.portcullis.co.uk/application/attacking-windows-domains/
<p>Windows domains use a single sign-on system: authenticate to one machine and you can then use that machine to access all of your available resources across that domain. This is great for users but also for attackers. This presentation covers a number of techniques and tools that can be used to take control of a Windows domain without ever needing to run time-consuming password cracking.</p>

Introducing Heyoka: DNS Tunneling 2.0 | Content
Tue, 24 Mar 2009 14:45:47 GMT
http://labs.portcullis.co.uk/application/heyoka-1/
<p>Slides from <a href="http://sourceconference.com">SOURCE Boston 2009</a>, presenting <a href="http://heyoka.sf.net">heyoka</a>, a new DNS tunneling tool that uses spoofed traffic to avoid detection and multiple encodings to improve speed. 
By Alberto Revelli and Nico Leidecker.</p>

OWASP AU 2009 Slides | Content
Thu, 19 Mar 2009 13:14:32 GMT
http://labs.portcullis.co.uk/application/owasp-au-2009-slides/
<p>Slides from OWASP Australia 2009.</p>
<div id="__ss_1140849"><a href="http://www.slideshare.net/sumsid1234/owasp-au-rev4?type=presentation" title="Owasp Au Rev4">Owasp Au Rev4</a></div>

Insecure Trends in Web 2.0 Applications | Content
Fri, 31 Oct 2008 16:08:40 GMT
http://labs.portcullis.co.uk/application/insecure-trends-in-web-2-0/
<p>Non-technical talk about insecure trends in Web 2.0 applications. 
Explains what's wrong with today's Web 2.0 applications and why newcomers keep repeating these.</p>

Flash Security | Content
Fri, 31 Oct 2008 16:00:50 GMT
http://labs.portcullis.co.uk/application/flash-security/
<p><a href="/download/Flash-Security.pps">This presentation</a> was given at <a href="http://www.riatalks.com/istanbul/agust/index.cfm">RIATalks</a>. It covers fundamental Flash security issues, the attack surface of Flash and secure development.</p>
<p>The presentation included stealing data through vulnerable Crossdomain.xml files; <a href="/download/FlashSecurityCrossdomain.zip">you can download the source code of this file - FlashSecurityCrossdomain.zip</a>.</p>

Introduction To Format Strings | Content
Tue, 17 Jun 2008 13:11:17 GMT
http://labs.portcullis.co.uk/application/introduction-to-format-strings/
<h2>What?</h2>
<p>This presentation tries to cover the basics of format string exploitation, starting with an explanation of the legitimate use of format strings (Yin) and moving on to how programming flaws can be exploited using this technique.</p>
<h2>Why?</h2>
<p>I spent many months getting my head around the nuances of FS exploitation, so thought I would put together a presentation on all the little things that I thought were the key points when coming across this subject for the first time. This will hopefully act as a good basis for the <a href="/content/more-adventures-in-format-strings/">More Adventures In Format Strings</a> presentation.</p>

How to Detect and Exploit 99% of XSS Vulnerabilities | Content
Wed, 02 Apr 2008 16:23:40 GMT
http://labs.portcullis.co.uk/application/how-to-detect-and-exploit-99-of-xss-vulnerabilities/
<p>This presentation was given at Intercon 2007 (Portcullis's internal conference). It covers identifying and exploiting the most common XSS vulnerabilities in the real world.</p>
<p>Examples include the following types:</p>
<ul>
<li>Classic XSS Vulnerabilities</li>
<li>In HTML Attributes</li>
<li>In Comments</li>
<li>In Javascript Blocks</li>
<li>DOM Based XSS</li>
<li>Flash Based XSS</li>
<li>Direct Linking</li>
</ul>
<p>The presentation was heavily based on demonstration, so you will need to fill in the blanks.</p>

GUI Access Through SQL Injection | Content
Tue, 01 Apr 2008 15:30:22 GMT
http://labs.portcullis.co.uk/application/gui-access-through-sql-injection/
<p>Slides presented by Alberto Revelli at OwaspDay II in Rome, 31/03/2008. They describe some SQL Injection tricks that can be used to get full access to the DB server's operating system. The examples are mainly focused on MS SQL Server, but the concepts are valid for other DBMS as well.</p>

More Adventures in Format Strings | Content
Mon, 14 Apr 2008 15:11:37 GMT
http://labs.portcullis.co.uk/application/more-adventures-in-format-strings/
<h2>What?</h2>
<p>This presentation covers a method for exploiting format string vulnerabilities which is compared to techniques used for exploiting heap smashes. It does not cover the basics of the vulnerability because these seem ten a penny.</p>
<h2>Why?</h2>
<p>Much has been written covering the underlying principles of format strings, but not much seemed to be written concerning this specific technique. Moreover, it was written to push forward a method and library that can be used to optimise format strings to fit into smaller buffer spaces.</p>