Research and Development

Portcullis Labs


Portcullis Labs is the R&D arm of Cisco’s Security Advisory team in EMEAR.

We built this web site to share some of our knowledge. You’ll find several tools, papers and presentations mostly by security geeks, but all for security geeks.

For more information about Cisco’s Services, please visit our corporate web site to get more information.

Recent Content


  • Adventures in RF: Using Inspectrum to analyse FSK and ASK/OOK signals (4/6/2018) -
    In this post we’ll take a brief look at inspectrum, a graphical tool for analysing signals captured via software defined radio (SDR) receivers – like the RTL-SDR or HackRF One. We’ll run through two examples of viewing digital signals. The first uses frequency shift keying (FSK). The second uses amplitude shift keying on-off keying (ASK/OOK). These […]
  • JTAG on-chip debugging: Extracting passwords from memory (3/29/2018) -
    Following on from my colleague’s post on using UART to root a phone, I look at another of our challenges, whereby sensitive information such as passwords can be extracted from a device’s memory if physical access to the device is acquired. The goal and target The target device is the BroadLink RM Pro universal remote […]
  • UART Debugging: Rooting an IP Phone using UART (3/23/2018) -
    In this post I share my solution to an internal hacker challenge relating to identifying the UART pins on a VOIP phone and using them to gain root access. UART (Universal Asynchronous Receiver-Transmitter) is a hardware device that is used for serial communications. It comes in the form of a physical circuit or as a […]
  • Hardware hacking: How to train a team (3/9/2018) -
    This is the first in a proposed series of blog posts that plan to give an insight into the ways we devised to train up our team in hardware hacking tools and techniques. This first post acts as an introduction to the regime to show off each of the challenges we set up to train […]
  • Secrets of the motherboard (2/16/2018) -
    Presentation on “interesting” features of the Intel x86[_64] platform (as given at 44CON 2017). A lot of recent work has gone into the discovery, analysis, and (on occasion) marketing of hardware weaknesses in the Intel x86[_64] platform particularly with respect to how it is often implemented as part of specific motherboard designs. Some, such as […]
  • Keep your cookies safe (part 2) (2/15/2018) -
    In the first blog post we talked about the dangers that your cookies are exposed. Now it is time to keep your cookies safe. Time to know what protection mechanisms there are, how to use them and why. How to read this post? The flowchart below will guide you to the process to check if […]
  • MS SQL Server audit: Surface area reduction (part 2) (2/15/2018) -
    Continuing on from part 1, we will look other benchmark settings that will help to reduce the surface area of attack. Other settings There are a number of other settings in the Center for Internet Security (CIS) Security Benchmark for SQL Server relating to surface area reduction that should be considered: Set is_trustworthy settings for […]
  • Enforcing a write-xor-execute memory policy from usermode (2/2/2018) -
    If BuzzFeed ran an article titled “26 Security Features You Probably Shouldn’t Enforce From Usermode”, this one would almost certainly make the list. But, for whatever reason, I thought it would be a fun learning experience to try to enforce a W^X memory policy from usermode. Some of you are probably asking what the heck […]
  • SSL/TLS Hipsterism (11/17/2017) -
    Presentation on finding implementation* bugs outside the mainstream (as given at Securi-Tay 2017). A lot of fantastic work has gone into the discovery, analysis, and (on occasion) marketing of SSL/TLS vulnerabilities. Some, such as BEAST and LUCKY13, are issues in the protocol itself. Other bugs, however, affect individual implementations of this complicated and nuanced protocol. […]
  • Windows 10’s “Controlled Folder Access” feature (11/16/2017) -
    Microsoft released a rolling upgrade of Windows 10 in October 2017. The “Fall Creators” edition (version 1709, codename Redstone 3) contains a new feature called “Controlled Folder Access”, which is designed to combat ransomware attacks. Controlled Folder Access is part of Windows Defender Security Centre that works with Windows Defender Anti-Virus to prevent “suspicious” executable […]
  • Hindering Lateral Movement (10/27/2017) -
    Lateral Movement is a method used by attackers (or malware) against a network Domain. After an initial device is compromised (typically, a user’s workstation), the attacker extracts passwords from memory, or obtains encrypted password hashes from the system for cracking or direct use (i.e. Pass the Hash). The attacker then attempts to login to other […]
  • Web Application Whitepaper (9/6/2017) -
    This document aims to analyse and explore data collected from technical assurance engagements during 2016. The original piece of data analysis was performed by two of our interns (Daniel and Chris) as part of Cisco’s intended contribution to the next Top 10 publication from OWASP however due to time constraints, our data points were not […]
  • Is your sign signed? (8/3/2017) -
    Modern autonomous vehicles use a number of sensors to analyse their surroundings and act upon changes in their environment. A brilliant idea in theory, but how much of this sensory information can we actually trust? Cisco’s Security Advisory R&D team, a.k.a. Portcullis Labs, decided to investigate further. Various researchers have documented attacks against vehicle sensors […]
  • Exploring Windows Subsystem for Linux (7/27/2017) -
    Whilst there has been quite a lot of analysis of Microsoft’s new Windows Subsystem for Linux (aka WSL or Bash on Ubuntu on Windows) and how it functions (particularly from Alex Ionescu), most of this has focused on how it affects the Windows security model. Being a keen UNIX focused researcher, I decided to take […]
  • A study in scarlet (7/20/2017) -
    In the modern age, where computers are used for nearly everything we do, the damage that can be caused to a company by cyber-attacks is substantial, with companies losing millions in regulatory fines, compensation and declining share prices. While some of these breaches have been caused by vulnerabilities within the target company’s infrastructure/software, a large […]

Twitter Feed