Portcullis Labs


Portcullis Labs is managed by the Portcullis Security Technical Team to provide easy access to our public tools and papers.

We built this website to share some of our knowledge. You’ll find several tools, papers and presentations mostly by security geeks, but all for security geeks.

For Portcullis Computer Security Services, please visit our corporate website to get more information.

Recent Content


  • Heartbleed (11/4/2014)
    - The Team has updated its SSL Good Practice Guide to incorporate the recent Heartbleed attack.
  • SSL Good Practice Guide (11/4/2014)
    - This whitepaper discusses a number of attack vectors for SSL and TLS, offering real world examples where it can.
  • AMES (Another Metasploit Exploit Suggester) (3/4/2014)
    - AMES is a tool to parse the new Nessus output files and autogenerate an easy to copy and paste command line exploit using Metasploit CLI.
  • New SSL recommendations (1/4/2014)
    - As previously mentioned in SSL: Light at the end of the tunnel, today is the day that our SSL recommendations officially change. From today onwards the Team recommend only TLS versions 1.1 and 1.2. Up until now the Team have accepted the need for SSLv3 and TLSv1 for compatibility reasons, however the time has come to cut the cord. The loss of compatibility should only affect legacy systems. If these systems cannot be updated to support the newer protocols, then weak SSL is likely to be the least of your security concerns!
  • VMware vSphere basics – “The bits and pieces” (21/3/2014)
    - In this article, we will explore the various components that make up the VMware vSphere platform, and briefly touch on the most important of these from the perspective of the security professional.
  • Retrospective decryption of SSL-encrypted RDP sessions (13/3/2014)
    - This post describes how network eavesdroppers might record encrypted RDP sessions and at some later time (after a server compromise) be able to decrypt them. This could expose any data sent over the RDP connection including keystrokes, usernames and passwords.
  • Raspberry ph0wn (11/3/2014)
    - Recently the technical team had a discussion about subversive attack vectors that could be utilised by social engineering attacks to provide a long term remote connection to a network whilst remaining undetected.
  • SSL man-in-the-middle attacks on RDP (4/3/2014)
    - This post seeks to demonstrate why users learning to ignore those certificate warnings for SSL-based RDP connection could leave them open to man-in-the-middle (MiTM) attacks. The MiTM attack demonstrated displays keystrokes sent during an RDP session. We conclude with some advice on how to avoid being the victim of such an attack.
  • NTFS Alternate Data Streams for pentesters (part 1) (27/2/2014)
    - Alternate Data Streams (ADS) have been present in modern versions of Windows for a long time. If you are using a NTFS filesystem, you can bet that you are using them. As penetration testers, we can use that OS-specific feature in our advantage. In the following posts information required to understand and identify potential ADS-related issues will be provided. This post will provide the required background to understand some common scenarios that could be useful during the penetration testing engagements.
  • MS SQL Server audit: Surface area reduction (part 1) (26/2/2014)
    - SQL Server has a number of components that allow clients to connect and communicate with it. Microsoft introduced the term, “Surface Area Reduction” as a security measure that involves stopping or disabling unused components. Like the name suggests, it reduces the number of ways that an attacker could try to interrogate the SQL Server.
  • CVE-2013-5795: Oracle Demantra database credentials leak vulnerability (20/2/2014)
    - The purpose of this post is to present a technical report of the CVE-2013-5795 vulnerability. This bug was found on a bug hunt weekend.
  • CVE-2013-5880: Oracle Demantra authentication bypass vulnerability (19/2/2014)
    - The purpose of this post is to present a technical report of the CVE-2013-5880 vulnerability. This bug was found on a bug hunt weekend.
  • WordPress Build Review Tool (14/2/2014)
    - WordPress-build-review is a tool to check the basic security settings in a WordPress installation.
  • rdp-sec-check (12/2/2014)
    - rdp-sec-check is a Perl script to enumerate security settings of an RDP Service (AKA Terminal Services).
  • Checking RDP support across an internal network (10/2/2014)
    - We’ve recently added some new features to rdp-sec-check, which is a Perl script to enumerate security settings of an RDP Service (AKA Terminal Services). The tool download is available in the rdp-sec-check page.

Twitter Feed