Portcullis Labs - White Papers
http://labs.portcullis.co.uk
Labs Portcullis updates.
Tue, 22 Feb 2011 11:15:47 GMT

Apple iOS In the Workplace | Content
Wed, 16 Feb 2011 12:45:23 GMT
http://labs.portcullis.co.uk/application/apple-ios-in-the-workplace/

This whitepaper discusses the security of Apple iOS with particular focus on its usage in the workplace.

The intended audience is technical/managerial; that is to say, in parts it will be moderately technical, but the key focus will be the provision of information to those planning or evaluating roll-outs of iOS-based devices, so that they are able to accurately understand the associated risks.

Firefox Lockdown | Document
Tue, 23 Jun 2009 15:02:12 GMT
http://labs.portcullis.co.uk/content/firefox-lockdown/

With Firefox's popularity rising on a day-by-day basis, many corporate environments are starting to employ the power of Firefox as their default browser. But without sufficient restrictions or lock-downs, Firefox becomes a powerful client-controlled web browser that a sophisticated user can manipulate for their own benefit.

Firefox can be locked down in a similar way to Internet Explorer, and this guide gives the information needed to create a secure, locked-down configuration that restricts knowledgeable users from manipulating Firefox for their own needs.

Deep Blind SQL Injection | Content
Mon, 18 Aug 2008 06:28:37 GMT
http://labs.portcullis.co.uk/application/deep-blind-sql-injection/

In Deep Blind SQL Injection, reading data is more complex than in classic blind injection. However, it is still possible to retrieve data; moreover, it is possible with a 66% reduction in the number of requests made of the server, requiring two rather than six requests to retrieve each char.

Download White Paper: /download/Deep_Blind_SQL_Injection.pdf

DoS Attacks Using SQL Wildcards | Content
Mon, 18 Aug 2008 06:19:30 GMT
http://labs.portcullis.co.uk/application/dos-attacks-using-sql-wildcards/

This paper discusses abusing Microsoft SQL Query wildcards to consume CPU in database servers. This can be achieved using only the search field present in most common web applications. If an application has the following properties, then it is highly likely to be vulnerable to wildcard attacks:

1- An SQL Server Backend;
2- More than 300 records in the database and around 500 bytes of data per row;
3- An application level search feature.

As you might notice, I have just described 90% of Microsoft SQL Server based CMSs, blogs, CRMs and e-commerce web applications. Other databases could be vulnerable depending on how the applications implement search functionality, although the common implementation of search functionality in SQL Server back-end applications is vulnerable.

Download White Paper: /download/DoS_Attacks_Using_SQL_Wildcards.pdf

Next generation malware: Windows Vista's gadget API | Document
Mon, 31 Mar 2008 14:52:03 GMT
http://labs.portcullis.co.uk/content/next-generation-malware-windows-vista-s-gadget-api/

Windows has had the ability to embed HTML into its user interface for many years. Right back to and including Windows NT 4.0, it has been possible to embed HTML into the task bar, but the OS has always maintained a sandbox, from which the HTML has been unable to escape. All this changes with Windows Vista.

Having Fun With PostgreSQL | Document
Thu, 27 Mar 2008 11:30:19 GMT
http://labs.portcullis.co.uk/content/having-fun-with-postgresql/

PostgreSQL is one of the most commonly used open source database management systems. This paper describes weaknesses in the PostgreSQL configuration that may be abused for privilege escalation, as well as remote command execution and the uploading of arbitrary files to the system.

XSS Tunnelling | Document
Wed, 02 Apr 2008 10:25:00 GMT
http://labs.portcullis.co.uk/content/xss-tunnelling/

XSS Tunnelling is the tunnelling of HTTP traffic through an XSS Channel to use virtually any application that supports HTTP proxies. This paper explains the idea and the real-world implementation.

Download Paper: /download/XSS-Tunnelling.pdf

Tools mentioned in the paper:

- XSS Tunnel: /application/xss-tunnelling/xss-tunnel/
- XSS Shell: /application/xssshell/