TMB

44CON uncovered

Published 21/06/2014 | By TMB

Presentation on system level vulnerabilities (as given at BT’s SnoopCon 2014). Continue reading →

Posted in Presentations | Tagged 44CON, conference, exploit, imisslsd, root, SnoopCon, UNIX

Portcullis security consultants to present at BSides London

Published 25/04/2014 | By TMB

We are pleased to announce that two of our security consultants, Graham Sutherland and Tim Brown, will be presenting at the upcoming BSides London security conference on the 29th of April.

BSides London is an annual community-driven security conference which, this year, will be taking place at the Kensington and Chelsea Town Hall in London.

Graham’s talk coincides with the disclosure of a set of vulnerabilities in the administration features of the Citrix NetScaler appliance, which will be discussed in the talk. Continue reading →

Posted in Blog | Tagged Android, BSidesLondon, conference, cryptography, training

SSL Certificate Good Practice Guide

Published 03/02/2014 | By TMB

This document is not intended to be a definitive guide, but more of a review of the specific commonly identified issues resulting from the inappropriate deployment of SSL certificates on internal services within a corporate environment. Continue reading →

Posted in Whitepapers | Tagged GPG, SSL, training

Se* and you

Published 28/01/2014 | By TMB

Inspired by GRSecurity‘s analysis of the Linux capabilities model, I thought I’d take a quick look at how Windows fares. The following is a brief analysis of the threats associated with each Se* privilege. Continue reading →

Posted in Blog | Tagged analysis, Windows

cspCalculator

Published 08/01/2014 | By TMB

cspCalculator is a PoC implementation of a dynamic Content Security Policy creator. Continue reading →

Posted in Tools | Tagged HTML5, SDL, training

Evaluating SteamOS’s security posture (a first look)

Published 16/12/2013 | By TMB

Security researchers love the new shiny and whilst some like playing games too, I am not one of those. That being said, I have researched UNIX like OS for a number of years and I’m constantly thrilled by the new uses people find for it. This security evaluation was performed against the beta tree of SteamOS, a new, “open” games platform from the developers at Valve. Continue reading →

Posted in Blog | Tagged analysis, hardhack, SteamOS

In the lab, popping CVE-2013-2171 for FreeBSD 9.0…

Published 11/12/2013 | By TMB

As a security researcher, I’m keen to learn new exploitation techniques and the art of kernel exploitation is no exception. Whilst preparing my slides for 44CON 2013, I was looking for an easy kernel vulnerability to demonstrate. CVE-2013-2171 was a recent vulnerability that was reported in FreeBSD 9.0 which fitted the bill. Continue reading →

Posted in Blog | Tagged analysis, CVE-2013-2171, exploit, FreeBSD

Memory Squatting: Attacks On System V Shared Memory

Published 13/11/2013 | By TMB

Rather than representing a definitive guide, this document represents a review of the specific security issues identified during Portcullis Computer Security Ltd’s recent research into System V shared memory segments and their usage. Continue reading →

Posted in Whitepapers | Tagged 44CON, analysis, exploit, imisslsd, UNIX

smaSHeM

Published 12/11/2013 | By TMB

smaSHeM is a System V shared memory segment manipulator. Continue reading →

Posted in Tools | Tagged 44CON, conference, exploit, imisslsd, UNIX

I miss LSD

Published 15/09/2013 | By TMB

Presentation on system level vulnerabilities (as given at 44CON 2013). Continue reading →

Posted in Presentations | Tagged 44CON, conference, exploit, imisslsd, root, UNIX