WELCOME TO MWR LABS

On the MWR Labs website you will discover a wealth of exciting and interesting information from the world of Information Security including an insight into the security research activities being undertaken by the MWR team. You will find updates from the current research projects as well as the white papers, tools and advisories that have been published. You should also find news articles and other items of interest about the latest happenings in the IT security industry. So whether your interest is the latest developments with respect to security testing or the research being conducted into a specific technology, there should be something within MWR Labs of interest.

Advisories

  1. April 17, 2015
    Apache Cassandra JMX/RMI Remote Code Execution
  2. April 17, 2015
    Cisco Cloud Web Security Connector JMX/RMI Remote Code Execution
  3. March 06, 2015
    Apache ActiveMQ and ActiveMQ Apollo XML External Entity Data Parsing
  4. March 06, 2015
    Apache ActiveMQ LDAP Wildcard Interpretation

/var/log/messages

  1. May 22, 2015
    Android Wear Security Analysis
  2. April 02, 2015
    How to own any windows network with group policy hijacking attacks
  3. March 27, 2015
    Disgusting Code: GeoIP lookups in Excel
  4. March 20, 2015
    GitLab User Enumeration

Publications

  1. March 06, 2015
    Watch You Lookin' At?
  2. October 31, 2014
    Windows Services – All roads lead to SYSTEM
  3. June 12, 2014
    Native Bridge's Over Troubled Water
  4. June 12, 2014
    Fracking With Hybrid Mobile Applications


drozer enables you to search for security vulnerabilities in apps and devices by assuming the role of an app and interacting with the Dalvik VM, other apps’ IPC endpoints and the underlying OS.


MWR Labs Twitter: