Research and Development


Some time ago I was on an internal infrastructure pentest job where I found a web server that hosted the TimeLive application. I had never heard of this application, and since I was looking at a login page, I opened a browser to my favourite search engine. The following is a brief explanation of things that I shouldn’t have found. Continue reading

Windows system objects are one of the interesting areas of binary application assessments that are often ignored or misunderstood. Many people don’t realise that abstract Windows application programming concepts such as mutexes, events, semaphores, shared memory sections, and jobs all come together under the purview of the Windows Object Manager. These objects, like those in the filesystem and registry namespaces, have all sorts of interesting security impacts when not properly managed. Continue reading

Inspired by GRSecurity‘s analysis of the Linux capabilities model, I thought I’d take a quick look at how Windows fares. The following is a brief analysis of the threats associated with each Se* privilege. Continue reading

URL shorteners are a main-stay of Internet use these days, helping users to cut down unsightly long URLs to concise links that can be easily shared. Social media has helped to fuel the popularity of the various services available, but how do you know if you can trust the link you’re clicking? I’ve always been wary of shortened links and decided I’d take a look at how you can check what it is you’re actually clicking on. Continue reading

Security researchers love the new shiny and whilst some like playing games too, I am not one of those. That being said, I have researched UNIX like OS for a number of years and I’m constantly thrilled by the new uses people find for it. This security evaluation was performed against the beta tree of SteamOS, a new, “open” games platform from the developers at Valve. Continue reading

The purpose of this document is to present a technical report of the CVE-2013-5065 vulnerability. A few days ago, FireEye identified a 0 day kernel exploit embedded within a PDF document actively used in the wild. The vulnerability itself is present in the NDProxy kernel driver. Whilst this is present in all versions of Windows, the vulnerability itself is only present in Windows 2003 and XP. The NDProxy driver is responsible for interfacing NDISWAN and CoNDIS WAN drivers to the TAPI services. Continue reading