cryptography

Downgrading RDP connections and how to avoid it

Published 22/04/2016 | By MRL

This post describes how Remote Desktop Protocol (RDP) connections can be vulnerable to a downgrade attack if Terminal Servers are configured insecurely. Continue reading →

Posted in Blog | Tagged cryptography, MiTM, RDP, red team, Windows

RPDscan

Published 06/11/2014 | By FC

RPDscan (Remmina Password Decrypt Scanner) is a tool to find and decrypt saved passwords in Remmina RDP configurations. Continue reading →

Posted in Tools | Tagged auditing, cryptography, RDP, UNIX

POODLE: Padding Oracle On Downgraded Legacy Encryption

Published 15/10/2014 | By GCS

Last night, researchers from Google released details of a new attack that they have called the Padding Oracle On Downgrade Legacy Encryption (POODLE) attack which has been assigned CVE-2014-3566.

The summary is, essentially, that SSLv3 uses a MAC-then-encrypt construction, which doesn’t authenticate the padding as it is applied on the plaintext message before padding or encryption are applied. This gives rise to a padding oracle bug, which is how BEAST worked too. Continue reading →

Posted in Blog | Tagged analysis, cryptography, SSL

EMF Camp 2014 USB scavenger hunt

Published 26/08/2014 | By MWE

This year, Portcullis are running a USB Scavenger Hunt at EMF Camp. For those of you attending, we’ve written this post to give you all the instructions and rules you need to get underway. Good luck! Continue reading →

Posted in Blog | Tagged conference, cryptography, emfcamp2014

Portcullis security consultants to present at BSides London

Published 25/04/2014 | By TMB

We are pleased to announce that two of our security consultants, Graham Sutherland and Tim Brown, will be presenting at the upcoming BSides London security conference on the 29th of April.

BSides London is an annual community-driven security conference which, this year, will be taking place at the Kensington and Chelsea Town Hall in London.

Graham’s talk coincides with the disclosure of a set of vulnerabilities in the administration features of the Citrix NetScaler appliance, which will be discussed in the talk. Continue reading →

Posted in Blog | Tagged Android, BSidesLondon, conference, cryptography, training

Securi-Tay 3 wrap-up

Published 24/01/2014 | By GCS

Of all the conferences I’ve been to, Securi-Tay has always been a favourite. I don’t know whether it’s the mix of security professionals and students, the relaxed atmosphere, or the balance between technical and non-technical talks, but it’s always a great time. For those of you that aren’t familiar with it, Securi-Tay is a student organised and lead conference, held annually by the Abertay Ethical Hacking Society at the University of Abertay, Dundee. This year’s event, held on January 15th (last week, at time of writing), marked the third instance of the conference. Continue reading →

Posted in Blog | Tagged conference, cryptography, Securi-Tay