/var/log/messages

Article

Working 9 till 5

By Daniel Lee on 17 November 2016

Daniel Lee was a summer intern in MWR's New York office. Below he writes about his experience with MWR and some of the cool stuff he got to work on.

+ read more

Article

AVRop VM: A ROP based M/o/Vfuscator VM on a Harvard device

By Mark Barnes on 3 November 2016

Recently in PoC||GTFO 0x12 Chris Domas demonstrated a minimal Turing complete virtual machine that only implements a mov instruction where the operands for the mov instruction are taken from a data list of memory address and offsets.

+ read more

Article

A Hybrid Approach to ICS Intrusion Detection

By William Jardine on 21 October 2016

This post is going to introduce SENAMI, a new, hybrid approach to Intrusion Detection for Industrial Control Systems. The post aims to provide a condensed overview of the full paper – SENAMI: Selective Non-Invasive Active Monitoring...

+ read more

Article

Securing the loading of dynamic code

By Alex Triaca on 18 October 2016

Reflection in computer science is when a programming language has the ability to inspect and modify itself at runtime. Arguably, it has been around in a crude form since the beginning of programming itself where programmers...

+ read more

Article

Accessing Internal Fileshares through Exchange ActiveSync

By Adam Rutherford and David Chismon on 7 October 2016

Exchange ActiveSync (EAS) is a protocol for synchronising emails, policies and other items between a messaging server and mobile devices.

+ read more

Article

Popping my DoS Cherry at DerbyCon

By Dave Hartley on 30 September 2016

DerbyCon (https://www.derbycon.com) is a conference that is hosted in Louisville, Kentucky in the US and this year ran from 21st to the 25th of September.

+ read more

Article

H-field electromagnetic sniffing

By Piotr Osuch on 16 September 2016

All cryptographic operations are processes where data elements must be represented by physical quantities in physical structures such as gates and transmission lines. These physical quantities and structures must necessarily have a time and spatial extent.

+ read more

Article

Malicious Outlook Rules

By Dave Hartley on 2 September 2016

The process of creating a malicious Outlook rule currently requires interactive GUI access on a compromised system or possession of credentials as well as the ability to interact directly to the exchange server from an attacker...

+ read more

Article

A quick intro to Needle

By Marco Lancini on 17 August 2016

Needle is an open source modular framework which aims to streamline the entire process of conducting security assessments of iOS applications, and acts as a central point from which to do so.

+ read more

Article

The hack that changed the blockchain perspective

By Hristo Georgiev on 11 August 2016

An attack on “The DAO” took place on 17th June 2016. However, believe it or not, the developers did know of the vulnerability before that date (12th of June).

+ read more

Article

Don't Try This at Home: Decapping ICs With Boiling Acid.

By Joel Clark on 24 June 2016

Decapping is the process of removing the black epoxy packaging which makes up a microchip in order to expose the silicon inside.

+ read more

Article

Alice, Bob, and Eve: How quantum technology can secure against adversaries.

By Niel Van Der Walt on 24 June 2016

How do you communicate a top-secret document if someone is sitting ready with a large quantum computer to decode your message? In this article, secure communications scenarios are described.

+ read more