Portcullis Labs » Whitepapers

Web Application Whitepaper

TMB — Wed, 06 Sep 2017 11:12:46 +0000

This document aims to analyse and explore data collected from technical assurance engagements during 2016.

The original piece of data analysis was performed by two of our interns (Daniel and Chris) as part of Cisco’s intended contribution to the next Top 10 publication from OWASP however due to time constraints, our data points were not submitted. As a result, the co-authors (Simone and Isa) chose to compare the EMEAR team’s statistics from 2016 against the now public 2017 Top 10 published by OWASP. Additionally, they also took a look at the most common web application issues reported by the Team during the last year and analysed their impact and severity.

WAW.pdf
September 6, 2017
Version: 1.0

925.6 KiB
MD5 hash: 0986d3ab7f6f55c71199296189ce5f62
Details

The post Web Application Whitepaper appeared first on Portcullis Labs.

Hacking the Belkin E Series Omniview 2-Port KVM Switch

IPP — Wed, 05 Apr 2017 06:44:37 +0000

Too frequently security professionals only consider software vulnerabilities when considering the risks of connecting devices to their networks and systems. When it comes to considering potential risks of connected devices and the Internet of Things, not only must security professionals consider potential vulnerabilities in the software and firmware of these systems, but also physical vulnerabilities in hardware. This document considers the potential risk posed by hardware modification of seemingly innocuous hardware devices attached to critical systems, by showing how a simple KVM switch can be modified for use as a key logger.

Talos_BelkinWhitePaper.final_.pdf
April 5, 2017

547.3 KiB
MD5 hash: 20411b5e5d2ff1c17d09b73ded5172c6
Details

HackingBelkinKVMSwitch.zip
April 5, 2017

15.5 KiB
MD5 hash: f1bbdcd02742a66a6234f9f31b388227
Details

The post Hacking the Belkin E Series Omniview 2-Port KVM Switch appeared first on Portcullis Labs.

SSL Good Practice Guide

MWE — Fri, 11 Apr 2014 05:00:53 +0000

This document discusses a number of attack vectors for SSL and TLS, offering real world examples where it can.

It also offers advice on how to protect and correctly configure, with the goal of helping ensure that SSL services have a minimised attack surface.

SSLGPG-1.4.pdf
September 23, 2015
Version: 1.4

578.6 KiB
MD5 hash: f1d0976053e839a85dd19259ba26b0c0
Details

SSLGPG-1.2.pdf
April 10, 2014
Version: 1.2

584.5 KiB
MD5 hash: 1c660fa51cb46805ee76a515aa330005
Details

SSLGPG-1.1.pdf
April 1, 2014
Version: 1.1

578.0 KiB
MD5 hash: 47029e16f8d2ccf5f041d368722c40b7
Details

SSLGPG.pdf
September 20, 2013

576.1 KiB
MD5 hash: eb0599b73eb8f3ef5110d30e14acb32e
Details

The post SSL Good Practice Guide appeared first on Portcullis Labs.

SSL Certificate Good Practice Guide

TMB — Mon, 03 Feb 2014 17:03:24 +0000

This document is not intended to be a definitive guide, but more of a review of the specific commonly identified issues resulting from the inappropriate deployment of SSL certificates on internal services within a corporate environment.

Whilst this document is not intended to be definitive, Portcullis believes that it should provide a high level summary of the issues that are typically present in such an environment, along with proposals as to how they can be mitigated.

SSLCGPG-1.2.pdf
September 24, 2015
Version: 1.2

543.4 KiB
MD5 hash: 5cb28138af43c817092f9d09dc548df6
Details

SSLCGPG.pdf
February 3, 2014

542.8 KiB
MD5 hash: 881c9e4e53d998379d7ee61cf6299f9a
Details

The post SSL Certificate Good Practice Guide appeared first on Portcullis Labs.

Memory Squatting: Attacks On System V Shared Memory

TMB — Wed, 13 Nov 2013 03:26:00 +0000

Rather than representing a definitive guide, this document represents a review of the specific security issues identified during Portcullis Computer Security Ltd’s recent research into System V shared memory segments and their usage.

What follows should, however, provide a high-level summary of issues, impacts and methods of remediation in cases where System V shared memory segments are used in an insecure fashion. This paper was released as part of my presentation at 44CON 2013 entitled “I miss LSD“.

MSAOSVSM.pdf
November 13, 2013

569.3 KiB
MD5 hash: 2511c7c09b51f39b74f37ed5e79fe1b5
Details

The post Memory Squatting: Attacks On System V Shared Memory appeared first on Portcullis Labs.

HTML 5 Good Practice Guide

TMB — Fri, 26 Apr 2013 17:54:06 +0000

This document is not intended to be a definitive guide, but more of a review of the specific security issues resulting from the use of HTML 5.

Portcullis was asked to provide consultancy in the form of analysis and good practice recommendations with respect to migrations from Flash to HTML 5.

Whilst this document is not intended to be a definitive guide, Portcullis believes that it should provide a high level summary of the pros and cons of the proposed migration.

HTML5GPG.pdf
April 26, 2013

383.1 KiB
MD5 hash: 419f5768fc2814c6e1eeaa774ba42148
Details

The post HTML 5 Good Practice Guide appeared first on Portcullis Labs.

Web Application Password Reset Good Practice Guide

KTC — Fri, 26 Apr 2013 17:53:01 +0000

Over the years of application testing we have seen many bad password reset implementations, so we have put together a good practice guide to help design a secure process for your applications.

This document aims to detail the key features of secure password reset procedures which can be used within web applications. As well as detailing these feature is gives examples of how the reset can be done.

PRGPG.pdf
April 26, 2013

355.9 KiB
MD5 hash: 7aeb675c0aad6501eddb10ba3fd125b3
Details

The post Web Application Password Reset Good Practice Guide appeared first on Portcullis Labs.

Apple iOS In the Workplace

RUS — Wed, 16 Feb 2011 17:57:31 +0000

This document discusses the security of Apple iOS with particular focus on its usage in the workplace.

The intended audience for this is technical/managerial, that is to say, in parts it will be moderately technical, but the key focus will be the provision of information to those planning or evaluating roll outs of iOS based devices in order that they are able to accurately understand the risks associated with this.

iOSinTheWorkplace-WPIOS2011.pdf
April 26, 2013

1.1 MiB
MD5 hash: b36063ebf62406da23afbad2ef455be1
Details

The post Apple iOS In the Workplace appeared first on Portcullis Labs.

Firefox Lockdown

APD — Fri, 26 Apr 2013 17:55:02 +0000

Firefox can be locked down similar to Internet Explorer, and this guide will give you the relevant information that is needed to create a secure, locked-down configuration, to restrict knowledgeable users actions into manipulating Firefox for their own needs.

With Firefox’s popularity rising on a day-by-day basis, many corporate environments are starting to employ the power of Firefox as their default browser. This document explains how, with insufficient restrictions or lock-downs Firefox becomes a powerful client controlled web browser that a sophisticated user can manipulate for their own benefits.

LockingDownFirefox.pdf
April 26, 2013

222.6 KiB
MD5 hash: e33cb0403e88a908066b63cae72ccf64
Details

The post Firefox Lockdown appeared first on Portcullis Labs.

XSS Tunnelling

FM — Fri, 26 Apr 2013 17:42:49 +0000

XSS Tunnelling is the tunnelling of HTTP traffic through an XSS Channel to use virtually any application that supports HTTP proxies. This paper explains the idea and the real world implementation.

XSS-Tunnelling.pdf
April 26, 2013

257.4 KiB
MD5 hash: 6fc8c1b79fd57a8e351b1b1c8ecdbdb5
Details

The post XSS Tunnelling appeared first on Portcullis Labs.