Presentation on vulnerabilities in the Symmetricom (Micro Semi) S350i time server (as given at EMF Camp 2014).
Recently, researchers at Trustwave’s SpiderLabs spoke at Black Hat Europe on the dangers of simply reflecting data back to the requesting user as part of an HTTP request/response exchange. When you think about it, this stands to reason; after all, it’s what Cross-site Scripting attacks are born from. What’s interesting is that the new research discussed another way in which it could be exploited.
Some bugs are so simple and so elegant that you wonder how it is possible that no one has found them until now. Those are my favorites. They are simple, they do not involve memory corruption and most of the time they do not even need advanced exploit code to abuse them. Stéphane Chazelas’ Bash bug is one of these bugs.
We recently announced our sponsorship of EMF Camp 2014. We're ready to go, Portcullis flags in tow, and will be heading on over to Milton Keynes to help get EMF ready.
While there, we will not only be sponsoring the Lounge, where people can come and enjoy a space to relax and drink beer, and setting up Portcullis Village, where people can visit us and exchange ideas, but members of Portcullis will also be hosting talks throughout the weekend.
Presentation on system level vulnerabilities (as given at BT’s SnoopCon 2014).
Some time ago I was on an internal infrastructure pentest job where I found a web server that hosted the TimeLive application. I had never heard of this application, and since I was looking at a login page, I opened a browser to my favourite search engine. The following is a brief explanation of things that I shouldn’t have found.
AMES is a tool to parse the new Nessus output files and autogenerate an easy-to-copy-and-paste command-line exploit using Metasploit CLI.
The purpose of this post is to present a technical report of the CVE-2013-5795 vulnerability. This bug was found on a bug hunt weekend.
The purpose of this post is to present a technical report of the CVE-2013-5880 vulnerability. This bug was found on a bug hunt weekend.
Windows system objects are one of the interesting areas of binary application assessments that are often ignored or misunderstood. Many people don’t realise that abstract Windows application programming concepts such as mutexes, events, semaphores, shared memory sections, and jobs all come together under the purview of the Windows Object Manager. These objects, like those in the filesystem and registry namespaces, have all sorts of interesting security impacts when not properly managed.