/var/log/messages

Article

A Tale Of Bitmaps: Leaking GDI Objects Post Windows 10 Anniversary Edition

By Ruben Boonen on 27 January 2017

Before we get started, credit should be given to Nicolas Economou, Diego Juarez and KeenLab for pushing Windows kernel exploitation techniques to their limit and for being generous enough to share some of this arcane knowledge...


Article

Digital Lockpicking: Why Your Front Door Shouldn't Be On The Internet

By Daniel Lawson on 10 January 2017

FingerTec is a company that offers time attendance and door access hardware and solutions. MWR identified vulnerabilities in their access control biometric devices that can be abused to achieve the following:


Article

High Interaction Honeypots with Sysdig and Falco

By Dennis Panagiotopoulos on 4 January 2017

As well as doing training, challenges and shadowing engagements, MWR interns conduct research projects into a range of areas. The purpose of this research was to investigate the sysdig and falco tools, and how we can leverage them to quickly set up, monitor and investigate high interaction honeypots.


Article

Trust? Years to earn, seconds to break

By Ben Campbell on 3 January 2017

At MWR, we often investigate Active Directory configuration weaknesses during penetration tests and targeted attack simulations to identify routes an attacker can take to escalate their privileges, or achieve a full domain compromise.


Article

Working 9 till 5

By Daniel Lee on 17 November 2016

Daniel Lee was a summer intern in MWR's New York office. Below he writes about his experience with MWR and some of the cool stuff he got to work on.


Article

AVRop VM: A ROP based M/o/Vfuscator VM on a Harvard device

By Mark Barnes on 3 November 2016

Recently, in PoC||GTFO 0x12, Chris Domas demonstrated a minimal Turing-complete virtual machine that implements only a mov instruction, where the operands for the mov instruction are taken from a data list of memory addresses and offsets.


Article

A Hybrid Approach to ICS Intrusion Detection

By William Jardine on 21 October 2016

This post is going to introduce SENAMI, a new, hybrid approach to Intrusion Detection for Industrial Control Systems. The post aims to provide a condensed overview of the full paper – SENAMI: Selective Non-Invasive Active Monitoring...


Article

Securing the loading of dynamic code

By Alex Triaca on 18 October 2016

Reflection in computer science is when a programming language has the ability to inspect and modify itself at runtime. Arguably, it has been around in a crude form since the beginning of programming itself, where programmers...


Article

Accessing Internal Fileshares through Exchange ActiveSync

By Adam Rutherford and David Chismon on 7 October 2016

Exchange ActiveSync (EAS) is a protocol for synchronising emails, policies and other items between a messaging server and mobile devices.


Article

Popping my DoS Cherry at DerbyCon

By Dave Hartley on 30 September 2016

DerbyCon (https://www.derbycon.com) is a conference hosted in Louisville, Kentucky in the US, and this year it ran from the 21st to the 25th of September.


Article

H-field electromagnetic sniffing

By Piotr Osuch on 16 September 2016

All cryptographic operations are processes where data elements must be represented by physical quantities in physical structures such as gates and transmission lines. These physical quantities and structures must necessarily have a time and spatial extent.


Article

Malicious Outlook Rules

By Dave Hartley on 2 September 2016

The process of creating a malicious Outlook rule currently requires interactive GUI access on a compromised system, or possession of credentials as well as the ability to interact directly with the Exchange server from an attacker...
