Research and Development

hardening

Presentation on the need to re-examine how we engineer systems (taking service providers as an example) and the implications on how we quantify cyber risk if we want to take this message into the board room (as given at BT’s SnoopCon 2019 and Cisco’s June 2019 Knowledge Network webinar for service providers). Continue reading

By way of an introduction to our talk at Black Hat Europe, Security Advisory EMEAR would like to share the background on our recent research into some common Active Directory integration solutions. Just as with Windows, these solutions can be utilized to join UNIX infrastructure to enterprises’ Active Directory forests. Continue reading

If BuzzFeed ran an article titled “26 Security Features You Probably Shouldn’t Enforce From Usermode”, this one would almost certainly make the list. But, for whatever reason, I thought it would be a fun learning experience to try to enforce a W^X memory policy from usermode. Some of you are probably asking what the heck a W^X policy is in the first place, and I’m terrible at thinking of ways to start blog posts (case in point: this paragraph), so I guess we’ll start out there. Continue reading

As many of our regular readers will know, the Portcullis Labs team have a good deal of experience with reviewing the security of POSIX alike OS, and as a result, we’ve made some interesting discoveries in terms of how easy it can be to escalate ones privileges. As I discussed some time ago at CRESTCon, one particular avenue of attack that we like is the runtime linker itself. As part of our ongoing research, I’ve recently issued a request for comments for a patch that tackles a number of systemic weaknesses in the Linux (glibc) runtime linker that we often exploit. A few further points on the rationale… Continue reading