Publications

Recent publications produced by MWR InfoSecurity are listed below in date order. On this page you can also find recent presentations and White Papers from MWR InfoSecurity consultants.



White Paper: Behind Enemy Lines: Administrative Application Attacks

Jul 31, 2008

A white paper was released by MWR InfoSecurity discussing the security implications of administrative web applications.

The paper explains how alternative protocols (such as DHCP and 802.11) can be used to perform web-based attacks. It also explains the different methods available for exploiting these issues in practice, and details how tools can be built to test and exploit them.

The paper is based upon original research by Rafael Dominguez Vega and can be downloaded using the link provided above.


White Paper: IBM WebSphere MQ Security Part 1

May 06, 2008

The first in a series of white papers discussing IBM WebSphere MQ security has been released by Martyn Ruks of MWR InfoSecurity.

IBM’s WebSphere MQ is a widely used and respected middleware application for handling messaging within an enterprise network. Its popularity and level of adoption arise from its robustness, scalability, functionality and compatibility with a wide range of platforms and applications. Whilst the software has a large number of security features, the complexity of the environments within which it operates often results in it being poorly configured. This environmental complexity and the richness of the product’s feature set can make it an attractive target to attackers. In an era when “front-end” web applications and “back-end” databases are subject to increasingly intensive security testing, the weakest link in an application can now often be found in the middleware.

Applications that are not well documented within penetration testing manuals and for which there is no well-defined testing toolkit available can often be brushed over during a penetration test. However, a skilled attacker will not concern themselves with such limitations and could exploit any vulnerabilities that are present in the system with devastating effect. This paper documents the results of research and investigation into WebSphere MQ systems and introduces a methodology for assessing the security of the software product from the perspective of a penetration tester.

It has been discovered that WebSphere MQ environments can be secured but this is not a trivial process and a detailed understanding of the technology is required. The information included within this document can be used to understand the requirements of those people who are responsible for the security of such environments.


White Paper: Security Implications of Windows Access Tokens

Apr 16, 2008

A white paper has been published by Luke Jennings of MWR InfoSecurity which discusses the security exposures that can occur due to the manner in which access tokens are implemented in the Microsoft® Windows Operating System.

A brief overview of the intended function, design and implementation of Windows access tokens is given, followed by a discussion of the relevant security consequences of their design. More specific technical details are then given on how the features of Windows access tokens can be used to perform powerful post-exploitation functions during penetration testing, along with a basic methodology for including an assessment of the vulnerabilities exposed through tokens in a standard penetration test.

Discussion is also included about why many corporate environments (assessed during penetration tests conducted by MWR InfoSecurity) have been found to not be operating in a manner which limits the risk of such issues. Finally, best practice advice is given on how to defend against these attacks.

It must be noted that the security issues discussed in this white paper do not represent a flaw in the Microsoft® Windows Operating System but are an expected consequence based on the design and implementation of Windows access tokens. The important point is that many corporate environments do not account for these issues within their security strategy and, consequently, the controls in many of these environments are not sufficient to withstand the techniques discussed here.

Additionally, it is acknowledged that the security implications of Windows access tokens have been discussed before, both in general terms and to different degrees of technical detail. This document is not intended to present such discussions as being fundamentally new; instead it is intended to collate some of the existing knowledge, introduce some new findings and demonstrate why, many years after the general principles discussed were highlighted, many corporate environments are still vulnerable to these issues.

The paper is based upon research originally presented by the author at Defcon 15 and Chaos Computer Congress (CCC) 2007.


Presentation: FIST 2007 - Inspect a Gadget

Oct 26, 2007

Rafael Dominguez Vega presents his research into attack vectors and best practice recommendations for Vista Sidebar Gadgets.


White Paper: Considerations for the Secure Rollout of Sidebar Gadgets on Windows Vista

Sep 27, 2007

This white paper discusses the potential impact of the new Sidebar Gadgets feature of the Microsoft® Windows Vista™ Operating System. It also examines the requirements for its secure rollout and describes in detail different types of attacks and their consequences. Remedial actions and best practice recommendations are also included in this document.


