/var/log/messages

Article

WebUSB - How a website could steal data off your phone

By Felix Schmidt on 3 October 2017

On the 5th September this year, Chrome 61 was released with WebUSB enabled as a default feature. WebUSB is a JavaScript API to allow web sites access to connected USB devices.

“Tasking” Office 365 for Cobalt Strike C2

By William Knowles on 22 September 2017

There is much research into customised and novel Command and Control (C2) channels, although typically the public outputs of such research are standalone proof-of-concepts rather than being integrated into existing offensive toolkits. Recent extensions to the...

Article

Threat Information Sharing with Athena

By Jonathan Nicholas on 1 September 2017

The aim of this article is to provide an introduction to using structured Threat Intelligence (TI) formats, some of the challenges present (in particular with data transformation) and to share a tool MWR has developed to...

Article

Alexa, are you listening?

By Mark Barnes on 1 August 2017

The Amazon Echo is vulnerable to a physical attack that allows an attacker to gain a root shell on the underlying Linux operating system and install malware without leaving physical evidence of tampering.

Article

Using Windows File Auditing to Detect Honeyfile Access

By Joshua Gideon on 7 July 2017

Over the years, a vast amount of research has been focused towards honeypots. Honeypots have evolved from the traditional emulated operating system and service to include a variety of honey “things”.

Article

Offensive ICS Exploitation: A Description of an ICS CTF

By William Jardine and William Knowles on 29 June 2017

On the 9th June, MWR InfoSecurity were at Singapore University of Technology and Design (SUTD) for a competition based around the cyber security of Industrial Control Systems (ICSs).

Article

DLL Tricks with VBA to Improve Offensive Macro Capability

By William Knowles on 16 May 2017

Much of the recent research around the use of DLLs within VBA has focused on a narrow subset of its functionality; in particular, how it can be used to inject shellcode into currently running processes.  This...

Article

Add-In Opportunities for Office Persistence

By William Knowles on 21 April 2017

One software product that attackers will almost certainly find in the environments that they're targeting is Microsoft Office. Because of this ubiquity, Office applications present a consistent source of opportunity for persistence mechanisms.

Article

A Tale Of Bitmaps: Leaking GDI Objects Post Windows 10 Anniversary Edition

By Ruben Boonen on 27 January 2017

Before we get started, credit should be given to Nicolas Economou, Diego Juarez and KeenLab for pushing Windows kernel exploitation techniques to their limit and for being generous enough to share some of this arcane knowledge...

Article

Digital Lockpicking: Why Your Front Door Shouldn't Be On The Internet

By Daniel Lawson on 10 January 2017

FingerTec is a company that offers time attendance and door access hardware and solutions. MWR identified vulnerabilities in their access control biometric devices that can be abused to achieve the following:

Article

High Interaction Honeypots with Sysdig and Falco

By Dennis Panagiotopoulos on 4 January 2017

As well as doing training, challenges and shadowing engagements, MWR interns conduct research projects into a range of areas. The purpose of this research was to investigate the sysdig and falco tools, and how we can leverage them to quickly set up, monitor and investigate high interaction honeypots.

Article

Trust? Years to earn, seconds to break

By Ben Campbell on 3 January 2017

At MWR, we often investigate Active Directory configuration weaknesses during penetration tests and targeted attack simulations to identify routes an attacker can take to escalate their privileges, or achieve a full domain compromise.
