WELCOME TO MWR LABS

On the MWR Labs website you will discover a wealth of exciting and interesting information from the world of Information Security including an insight into the security research activities being undertaken by the MWR team. You will find updates from the current research projects as well as the white papers, tools and advisories that have been published. You should also find news articles and other items of interest about the latest happenings in the IT security industry. So whether your interest is the latest developments with respect to security testing or the research being conducted into a specific technology, there should be something within MWR Labs of interest.

Advisories

  1. February 06, 2015
    Apache Qpid Authentication Bypass
  2. February 06, 2015
    Apache Qpid Denial of Service
  3. December 12, 2014
    Apache Qpid XML Document Type Definitions Processing
  4. December 12, 2014
    JBoss HornetQ XML External Entity Data Resolution

/var/log/messages

  1. February 13, 2015
    Practically Exploiting MS15-014 and MS15-011
  2. February 12, 2015
    Popping alert(1) in Flash
  3. January 08, 2015
    CVE-2014-8272: A Case of Weak Session-ID in Dell iDRAC
  4. December 16, 2014
    Digging into MS14-068, Exploitation and Defence

Publications

  1. October 31, 2014
    Windows Services – All roads lead to SYSTEM
  2. June 12, 2014
    Native Bridge's Over Troubled Water
  3. June 12, 2014
    Fracking With Hybrid Mobile Applications
  4. May 21, 2014
    Poor Man's Static Analysis - BSides London 2014


drozer enables you to search for security vulnerabilities in apps and devices by assuming the role of an app and interacting with the Dalvik VM, other apps’ IPC endpoints and the underlying OS.


MWR Labs Twitter: