With Great Research Comes Great Responsibility.

At the heart of MWR InfoSecurity lies our research and development platform - MWR Labs. Here we dissect industry news and trends, publish research, and share our tools with the security community

Publication

Apple Safari Pwn2Own 2018 Whitepaper

By Alex Plaskett, Fabian Beterke and Georgi Geshev on 29 October 2018

 

+ read more

dref

By Alexandre Kaskasoli on 20 August 2018

+ read more

var/log/messages

AutoCAD - Designing a Kill Chain

Feb 22nd, 2019

Ventures into Hyper-V - Fuzzing hypercalls

Feb 15th, 2019

What the Fuzz

Jan 23rd, 2019

CAPTCHA-22: Breaking Text-Based CAPTCHAs with Machine Learning

Jan 17th, 2019

Publications

3D Accelerated Exploitation

Feb 22nd, 2019

Intro to Binary Analysis with Z3 and angr

Nov 8th, 2018

Big Game Fuzzing Pwn2Own Safari T2

Oct 29th, 2018

Apple Safari Pwn2Own 2018 Whitepaper

Oct 29th, 2018
Whitepaper

Huawei Mate 9 Pro Mobile Pwn2Own 2017

By Alex Plaskett and James Loureiro on 26 April 2018

+ read more

Slides

Chainspotting: Building Exploit Chains with Logic Bugs

By Georgi Geshev on 13 June 2018

Georgi Geshev and Robert Miller presented 'Logic Bug Hunting in Chrome on Android' at Infiltrate.

 

+ read more

Article

DNS Rebinding Headless Browsers

By Alexandre Kaskasoli on 23 August 2018

+ read more

Tools

The following are recent tools published by MWR InfoSecurity.

+ read more

Latest Tools

Needle

The iOS Security Testing Framework.

Drozer

Comprehensive security and attack framework for Android.

SharpGPOAbuse

SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GPO) in order to compromise...

 

+ see all