On the MWR Labs website you will discover a wealth of exciting and interesting information from the world of Information Security including an insight into the security research activities being undertaken by the MWR team. You will find updates from the current research projects as well as the white papers, tools and advisories that have been published. You should also find news articles and other items of interest about the latest happenings in the IT security industry. So whether your interest is the latest developments with respect to security testing or the research being conducted into a specific technology, there should be something within MWR Labs of interest.


  1. March 06, 2015
    Apache ActiveMQ and ActiveMQ Apollo XML External Entity Data Parsing
  2. March 06, 2015
    Apache ActiveMQ LDAP Wildcard Interpretation
  3. February 06, 2015
    Apache Qpid Authentication Bypass
  4. February 06, 2015
    Apache Qpid Denial of Service


  1. February 13, 2015
    Practically Exploiting MS15-014 and MS15-011
  2. February 12, 2015
    Popping alert(1) in Flash
  3. January 08, 2015
    CVE-2014-8272: A Case of Weak Session-ID in Dell iDRAC
  4. December 16, 2014
    Digging into MS14-068, Exploitation and Defence


  1. March 06, 2015
    Watch You Lookin' At?
  2. October 31, 2014
    Windows Services – All roads lead to SYSTEM
  3. June 12, 2014
    Native Bridge's Over Troubled Water
  4. June 12, 2014
    Fracking With Hybrid Mobile Applications

drozer enables you to search for security vulnerabilities in apps and devices by assuming the role of an app and interacting with the Dalvik VM, other apps’ IPC endpoints and the underlying OS.

MWR Labs Twitter: