Research and Development

We’re not really, but some of the Portcullis Labs Team are off to OHM 2013 in Holland. For those of you who don’t know, OHM is the latest in a long line of four-yearly “hacker” conferences that take place in a field, with the participants camping out. Unlike more conventional conferences such as DEF CON in Vegas, OHM and its previous incarnations focus on more than simply traditional information security, by also appealing to those who appreciate the DIY spirit of the maker community. Unlike the aforementioned DEF CON, you will see talks on topics such as how to make cheese and 3D printing at OHM. With this in mind, and with the promise of post-con articles on things we enjoyed, I asked the Team what talks they’re particularly keen to see:

  • “NetBSD network security vulnerability disclosure” – This talk covers a recently discovered vulnerability in the NetBSD networking code. One for those of you who have an interest in UNIX-focused security research; hopefully we’ll see some kernels panic. #imisslsd
  • “Decoding memory dumps of mobile phones and navigation systems” – This is a workshop that looks at how to analyse the memory dumps of common mobile phones and other similar devices. Having already performed some work in this space to give our customers a worst-case scenario for lost and stolen phones, and contributed some of our expertise to the forthcoming OWASP mobile methodologies, we’re wondering if there are any neat tricks we’ve missed.
  • “Non-signature payload-based intrusion detection” – Talk showing off a non-signature, payload-based approach to intrusion detection. We assume it will catch Meterpreter, but what about our custom payloads?
  • “Trolling the web of trust” – The web of trust is often considered a strength of PGP; however, just like Facebook, it can also inform your adversary about the friends you keep. So perhaps you’d like to be friends with key ID 0xF2D755CC? (clue: check out http://pgp.mit.edu/)
  • “Rescuing email from the cloud” – Perhaps the flip side to the previous talk: despite the potential for information leakage, PGP presents the only real option for those of you who want to avoid the Internet equivalent of sending all your correspondence as postcards. So what exactly do we do about web mail services that live in the cloud?
  • “Hacking your car with open source hardware and software” – We tried to persuade one of our previous employees to let us hack his BMW; he said “no”. This talk promises some new tricks which will benefit next year’s White Hat Rally participants. Best dressed card this year went to our Roving Muppets, but I fully expect that next year, we’ll win it outright!
  • “SIM card exploitation” – All over the news at the moment, Karsten Nohl talks about his investigations into Java-based SIMs and the possibilities for remote attacks against mobile phones utilising SMS as an entry point. We’re hoping that it will build on the previous THC research.
  • “Counter-cryptanalysis: Fire retardant for the next Flame-like attack on MD5 and SHA-1” – Marc Stevens is responsible for some of the more interesting research on viable attacks on SHA-1. This talk will look at some of the state-of-the-art collision attacks on hashing algorithms that are “just around the corner” and how they might be mitigated. We expect this talk to be hot!
  • “Even more clipboard fun” – This is all about tricks involving invisible control characters which, whilst unseen on a web page, may, when pasted into an xterm, yield unexpected command execution.
  • “Cisco in the sky with diamonds” – Having previously looked at Huawei, Felix “FX” Lindner pops up to give us the skinny on some recent Cisco research.
  • “Low-cost vulnerability research: XSLT fuzzing as a case study” – A talk by Nicolas Grégoire covering his fuzzing of a number of XSLT parsers. If you’re processing XML (and who isn’t these days?) then inform yourself on the risks you face.
  • “Make your own spork” – Seriously, who wouldn’t?

Anyway, the Team will be heading out on Tuesday morning and heading back on Sunday evening. We’re going to be located in the EMF village, so feel free to pop by for a beer if you’re fortunate enough to be attending too.

Editor’s note: A little bird pointed out that I’d spelt Karsten Nohl’s name incorrectly. This has now been fixed.

