http://www.secuobs.com Observatoire de la securite Internet fr webmaster@secuobs.com 2013-08-01 16:16:06 - var log messages : It s finally here After months of anticipation we have finally unleashed drozer g12 At this point you are probably wondering why we renamed Mercury Well we have made some massive changes since the last release of Mercury so we needed a massive new name to support it Typically at this point, we would list our three favourite features in the new release Today, we shall break the mould and take our top one exploitation http://www.secuobs.com/revue/news/460596.shtmlhttp://www.secuobs.com/revue/news/460596.shtml Secuobs.com : 2013-07-18 14:19:37 - var log messages - For BSides London 2013, MWR created a challenge and offered a number of prizes to contestants who successfully accomplished the set goals MWR, Nuit du Hack, BSides and 44CON generously donated prizes for the challenge We had a lot of entries and it appears, from feedback received, that a lot of the community just enjoyed having a go and taking part We hope that the fun can continue and have decided to publish a walkthrough of the challenge so that more people can enjoy, regardless of skill set, and learn more about the art of hacking Android http://www.secuobs.com/revue/news/457723.shtmlhttp://www.secuobs.com/revue/news/457723.shtml Secuobs.com : 2013-06-06 10:28:06 - var log messages - Well, ToolsWatch broke the news after nearly 18 months, thousands of downloads, countless hours of R D and loads of feedback from the community, we are sad to be waving goodbye to Mercury and its awesome if somewhat maligned logo Today, you get your last scheduled release of Mercury But don t despair, the Android pwnage will continue at BlackHat Arsenal, when we release drozer Whilst we ve numbered this a patch release, it s got some very cool changes and additions Time for our top three http://www.secuobs.com/revue/news/449743.shtmlhttp://www.secuobs.com/revue/news/449743.shtml Secuobs.com : 2013-05-16 13:17:15 - var log messages - Occasionally at MWR Towers , people have disagreements If Nils is using all the CPU power on the shell server to run his fuzzer and you need it to handle your reverse shell, or there s no room in the lab because John is busy pwning an ATM and you re needing to set up something on the test network, sometimes you just have to put your foot down and say come at me, Bro Up until recently, settling scores has fallen to a battle to the death in front of the office Playstation 3, where the two parties involved throw down in some Street Fighter IV action with Ken vs Ryu or Chun-Li vs Vega The victor gets their CPU time, whilst the loser is resigned to dwell on their failure whilst making a cup of sweet tasting coffee everyone knows a coffee tastes better if it was made by someone else Unfortunately, that sweet coffee was spilled on the Playstation 3 which made it disappear from the centre of the office Without a way to settle disputes, tensions run high We could just buy a new PS3, and return to normality, but where s the fun in that With the HackLab weekend looming, and plenty of cash to spend, we set out to build the ultimate in grudge-match technology An old school Arcade machine with a modern twist http://www.secuobs.com/revue/news/445808.shtmlhttp://www.secuobs.com/revue/news/445808.shtml Secuobs.com : 2013-05-16 13:17:15 - var log messages - hackfu Here s the 7th clue 7th Clue Juliet working hard in Hartley in the 1980s http://www.secuobs.com/revue/news/445807.shtmlhttp://www.secuobs.com/revue/news/445807.shtml Secuobs.com : 2013-05-16 13:17:15 - var log messages - There were projects for everyone at this year s HackLab, this one was for the radio geeks out there In just one day the team on this project went from novices to fans of RF hacking, here is some of the cool stuff we got up to on the day The team initially became familiar with RF hacking in a Software Defined Radio SDR workshop primer Using Elonics E4000 Tuner IC dongles, we experimented with simple identification and demodulation of radio signals using tools such as SDRSharp and Gqrx This enabled the attendees to get familiar with the basics of RF hacking and signal demodulation We explored the capabilities of GNU Radio by implementing our own instrumentation tools for analysing RF signals We also had a USRP E100 on-hand to get further experience with RF signals and access to more powerful SDR technology http://www.secuobs.com/revue/news/445806.shtmlhttp://www.secuobs.com/revue/news/445806.shtml Secuobs.com : 2013-05-10 14:55:10 - var log messages - hackfu Here s the 6th clue 6th Clue Bet on 6 doubles, 4 trebles and a fourfold accumulator http://www.secuobs.com/revue/news/444623.shtmlhttp://www.secuobs.com/revue/news/444623.shtml Secuobs.com : 2013-05-02 09:22:37 - var log messages - hackfu For those of you eagerly waiting to learn the location of this year s HackFu, here s the 5th clue 5th Clue 4 0 2 0 2 4 2 2 1 http://www.secuobs.com/revue/news/443080.shtmlhttp://www.secuobs.com/revue/news/443080.shtml Secuobs.com : 2013-04-30 10:09:01 - var log messages - hackfu We know you ve all been waiting for it so we are pleased to announce that its MWR challenge time again This is a really exciting time of the year for us as it enables us to engage with some of the brightest emerging talent in the industry We also get to give away some tickets to HackFu where we will get a chance to meet and compete alongside you in this year s event This year we have put together a series of fun yet challenging activities to get your brains thinking about security The challenges are titled The Hunt for Ilichy and put you in the hot seat of a counter intelligence operation You ll find out more once you take a look at the mission briefing included in the initial data files Your instructions are simple, register, solve and submit http://www.secuobs.com/revue/news/442633.shtmlhttp://www.secuobs.com/revue/news/442633.shtml Secuobs.com : 2013-04-25 18:55:50 - var log messages - A small group of 6 sat down and had a look at the challenges you face when dealing with large amounts of data Luckily someone was kind enough to produce huge amounts of data just in time for HackLab The data produced in this scan of the whole internet amounts to 9TB in raw files In preparation for HackLab we uploaded the compressed data to Amazonâ s AWS infrastructure Due to the compression algorithm that was used, decompression on a single desktop would take quite a while In AWS however we were able to use a few cluster-compute spot-instances to go through this task rather quickly The idea of this project was to get a chance to play with new technologies that we aren t exposed to on a daily basis When trying to make this much data accessible you will run into problems with your traditional SQL databases or grep-fu Our team split in smaller sub-teams to look at specific subsets of the data http://www.secuobs.com/revue/news/441849.shtmlhttp://www.secuobs.com/revue/news/441849.shtml Secuobs.com : 2013-04-25 18:55:50 - var log messages - About a year ago the idea of the office beer fridge was first floated Although it got immediate support from every one of its potential frequenters it failed to come to fruition A number of other ideas had always been about including a r00t alarm that would go off whenever a tester got root or did something else deserving of some attention and applause We decided to combine the two ideas together Got root Have a beer The idea was fairly simple, if you could complete a hacking challenge, the fridge would unlock and award the l33t hacker with a beer We often like to compete and create challenges You always learn best with your fingers on the keyboard , and so We wanted to build the fridge to be a template that people could put their challenges on http://www.secuobs.com/revue/news/441848.shtmlhttp://www.secuobs.com/revue/news/441848.shtml Secuobs.com : 2013-04-25 10:03:46 - var log messages - hackfu For clue 4 its time to bring back an old favourite, Blankety Blank Answer the question to get the answer My best friend is a very good ballet dancer however, that doesn t guarantee success in life They proved it when they left university with nothing to show for their studies other than a two http://www.secuobs.com/revue/news/441742.shtmlhttp://www.secuobs.com/revue/news/441742.shtml Secuobs.com : 2013-04-22 16:54:15 - var log messages - A couple of weeks ago we ran our first internal HackLab Inspired by the recent spate of hackspaces, we decided to get a bunch of us together to hack around on interesting tech over beer and pizza We asked around the team for ideas and got suggestions from all, from our senior researchers to some of our newest employees We settled on four projects, and decided to run it in our new London offices they are a great venue We got a budget for kit, so we had parts for fridges, some elastic cloud time, a few electronic doorbells and a lot of RTL-SDR dongles, some games controllers and a couple of massive LED ticker tapes Then we got free rein to play with them, learn how they worked and what we shouldn t be able to do with them There wasn t much structure to the day, people picked the project that sounded interesting and just settled into it Everyone helped quality test the MWRcade project, and team members also donated or brought in some bits and pieces from home, so there was always something to look at or take apart http://www.secuobs.com/revue/news/441016.shtmlhttp://www.secuobs.com/revue/news/441016.shtml Secuobs.com : 2013-04-19 18:51:08 - var log messages - http://www.secuobs.com/revue/news/440667.shtmlhttp://www.secuobs.com/revue/news/440667.shtml Secuobs.com : 2013-04-18 09:42:11 - var log messages - hackfu For those of you eagerly waiting to learn the location of this year s HackFu, here s the 3rd clue 3rd Clue I squared plus two http://www.secuobs.com/revue/news/440328.shtmlhttp://www.secuobs.com/revue/news/440328.shtml Secuobs.com : 2013-04-12 09:33:39 - var log messages - hackfu For those of you eagerly waiting to learn the location of this year s HackFu, here s the 2nd clue 2nd Clue Of thy tongue s uttering, yet I know the sound http://www.secuobs.com/revue/news/439084.shtmlhttp://www.secuobs.com/revue/news/439084.shtml Secuobs.com : 2013-04-03 17:11:08 - var log messages - hackfu Over the next 7 weeks we will be releasing clues to the location of this year s HackFu, if you put them all together they will lead you to the venue Enjoy Clue 1 Remember, remember the Vth http://www.secuobs.com/revue/news/437397.shtmlhttp://www.secuobs.com/revue/news/437397.shtml Secuobs.com : 2013-03-28 09:36:52 - var log messages - Today, Mercury v22 is available for download Well, it s nearly easter, and whilst we are packing up for the long weekend we wanted to give you a little present We re also giving away a free Android app free, because it s hopelessly riddled with security vulnerabilities for you to download and try Mercury on So, what s different Following up on your feedback, we wanted to make Mercury more stable, and easier to use We did that, fixed a few bugs on the way, and piled in a bunch more features to boot Not sure what Mercury is Well, ok That stings a little, but we forgive you Mercury is the leading Android Security Assessment Framework It allows security researchers and developers to interact with Android apps as if they were another app on the device, to search for security vulnerabilities, develop exploits and test fixes It was hard to pick our top three features, but here goes http://www.secuobs.com/revue/news/436308.shtmlhttp://www.secuobs.com/revue/news/436308.shtml Secuobs.com : 2013-03-11 18:10:24 - var log messages - BigCorp has discovered that its employees are connecting their mobile devices to BigCorps network BigCorp have not implemented a BYOD policy or a technology such as an MDM solution The mobile devices are therefore unauthorised It has come to BigCorp s attention that one of its employees has been acting suspiciously and it is believed that they have been attacking BigCorp systems His intentions are unclear, but the rise in activity suggests that something big is planned The wizards in BigCorp s IT department have discovered that the employee in question is using an Android mobile device and has the Evil Planner application installed BigCorp have acquired the application that is readily available from a popular hackers forum and are busy scrutinising it however it appears that the application enforces what the developers refer to as secure encryptions http://www.secuobs.com/revue/news/432777.shtmlhttp://www.secuobs.com/revue/news/432777.shtml Secuobs.com : 2013-03-07 02:13:33 - var log messages - Today MWR Labs mwrlabs demonstrated a full sandbox bypass exploit against the latest stable version of the Google Chrome browser The demonstration took place during the annual Pwn2Own competition at the CanSecWest conference in Vancouver The vulnerabilities were found and the exploit was developed by MWR researchers Nils nils and Jon securitea We showed an exploit against previously undiscovered vulnerabilities in Google Chrome running on a modern Windows-based laptop By visiting a malicious webpage, it was possible to exploit a vulnerability which allowed us to gain code execution in the context of the sandboxed renderer process We also used a kernel vulnerability in the underlying operating system in order to gain elevated privileges and to execute arbitrary commands outside of the sandbox with system privileges http://www.secuobs.com/revue/news/431974.shtmlhttp://www.secuobs.com/revue/news/431974.shtml Secuobs.com : 2013-02-21 09:20:43 - var log messages - hackfu HackFu 2013 June 27th June 29th It s the time of the year when the build-up begins for this year s HackFu For those of you who aren t sure what it is or whether you should care about it, a short introduction is included here http://www.secuobs.com/revue/news/429039.shtmlhttp://www.secuobs.com/revue/news/429039.shtml Secuobs.com : 2013-02-14 09:18:21 - var log messages - MWR are recruiting now for paid summer 2013 internship positions Based at our Basingstoke office, youâ ll spend the majority of your 10-12 week placement working on a personal research project that suits your interests you will also have the chance to experience information security consultancy in practice, for some of the UK s biggest companies However, if you are not available over summer or for the whole duration, do still apply as we can arrange internships for different durations or times What will you gain from an internship with MWR The opportunity to work with our research team who in the last year alone have won Mobile Pwn2Own2012, created Mercury and demonstrated attacks on chip and pin terminals that were reported around the world Gain hands on experience of the world of security consultancy Get involved in our extracurricular activities, including regular hack-nights, game nights, annual CTF and internal conference The chance of a junior position post internship The majority of our juniors are recruited after successfully completing the internship scheme http://www.secuobs.com/revue/news/427707.shtmlhttp://www.secuobs.com/revue/news/427707.shtml Secuobs.com : 2013-02-07 08:56:46 - var log messages - Mercury v21 is now ready for you Based on the thousands of downloads we saw when Mercury v20 was published last December we know that you have found it to be a must have tool whether you are a security professional or app developer At the same time lots and lots of you sent us great suggestions about how to make it even better The team at MWR Labs that is behind Mercury has been busy reviewing each and every one of those comments and have used them to shape our new release, imaginatively named v21, which is ready for you to download right now As well as squashing all the annoying bugs that you told us about we have crammed even more awesome features into your favourite mobile security tool These three are our favourites and am sure youâ ll come to love them just as much as we do http://www.secuobs.com/revue/news/426272.shtmlhttp://www.secuobs.com/revue/news/426272.shtml Secuobs.com : 2012-12-14 08:43:08 - var log messages - It s been 8 months since we released Mercury into the wild Since then we have seen many people use the tool and share their thoughts, insight and time with up to help make Mercury even more awesome The Mercury v11 release, last September, helped us to address some of the user feedback bringing in a heap of new features and improvements from the cool reflection interface, to the mundane but necessary improvements to inline help We wanted more Today, we are able to release Mercury v20 Why v20 Because we have rewritten Mercury from the ground up We wanted to tackle some of the more fundamental problems that you, and we, discovered whilst using Mercury in anger Get it now from the downloads page Then follow us on Twitter We will be tweeting hints and tips all day Now go play with it It s OK, I ll wait for you to come back These are our three favourite new features http://www.secuobs.com/revue/news/417017.shtmlhttp://www.secuobs.com/revue/news/417017.shtml Secuobs.com : 2012-09-19 15:51:19 - var log messages - Today MWR Labs demonstrated an Android vulnerability at the EuSecWest Conference in Amsterdam The demonstration of the 0day exploit took place at the Mobile Pwn2Own competition The exploit was developed in a team effort between our South African and UK offices The vulnerability was found and the exploit was developed by Tyrone and Jacques in South Africa and Jon and Nils in the UK http://www.secuobs.com/revue/news/400521.shtmlhttp://www.secuobs.com/revue/news/400521.shtml Secuobs.com : 2012-09-13 17:07:01 - var log messages - SAProuter is a SAP program working as a reverse proxy, which analyses connections between SAP systems and between SAP systems and external networks It is designed to analyse and restrict SAP network traffic, which is allowed to pass through the firewall http://www.secuobs.com/revue/news/399482.shtmlhttp://www.secuobs.com/revue/news/399482.shtml Secuobs.com : 2012-09-07 09:12:07 - var log messages - After the launch of Mercury in March 2012, the framework has attracted many new contributors and an overwhelming number of new ideas for its future The next logical steps were to continue the development of new features, stabilise existing ones and add new modules for performing various tasks Since its release, Mercury has become the de facto standard framework for security testing on Android and is used by phone vendors, large companies and Android tinkerers from around the world It has also been included in new releases of Backtrack and Santoku Linux, showing community acceptance of its ninjaness http://www.secuobs.com/revue/news/398209.shtmlhttp://www.secuobs.com/revue/news/398209.shtml Secuobs.com : 2012-09-03 14:14:04 - var log messages - To quote Homer J Simpson, All this computer hacking is making me thirsty I think I ll order a Tab Very apt words as Iâ ve been busy authoring many SAP MSF modules that I intend to release over the coming months coinciding with the delivery of my updated SAP Slapping materials at the Sec-T, T2 and DeepSec conferences However I ve decided to release a subset today as a small taster of what is to come http://www.secuobs.com/revue/news/397301.shtmlhttp://www.secuobs.com/revue/news/397301.shtml Secuobs.com : 2012-09-01 10:36:25 - var log messages - At MWR labs, we have recently been delving a little deeper into the security features of the BlackBerry OS and how secure this platform is for third party applications to operate in In this blog, we focus on the risks third party applications face and the ways in which developers can secure their applications from these risks We will be looking at applications operating within the BlackBerry Internet Service BIS environment The BlackBerry OS has historically enjoyed a great reputation for being the most secure mobile platform, this is true for devices that are locked down operating in a BlackBerry Enterprise Server BES environment However, we are focusing on third party applications running on a consumerâ s device running in the BIS environment and have come across some interesting findings These findings should be of particular interest to developers who create consumer applications for BlackBerry and to security consultants looking to test BlackBerry applications http://www.secuobs.com/revue/news/397149.shtmlhttp://www.secuobs.com/revue/news/397149.shtml Secuobs.com : 2012-08-23 15:18:07 - var log messages - So a couple of months ago, I wanted to poke at my android phone to see how soft and squishy it was I thought I d take Mercury, a security assessment framework for android that we developed, for a spin So I grabbed the shiniest copy of mercury I could and tried to write a toy plugin to list the secretcodes from android applications After lots of experimenting with the stock version of mercury, the quickest client-side plugin I could come up with was one which copied each application s apk to the client and unzipped it to read the manifest It was slow Really, mind numbingly, excruciatingly slow So slow, it needed the charger plugged in to complete Not good Looking in the Mercury server code, I figured I could add a custom command to pull out the data I needed, but then the server would soon bloat if everybody did that There had to be a way of writing a little bit of code in the server that would let me write whatever I wanted in the client and get it to run http://www.secuobs.com/revue/news/395328.shtmlhttp://www.secuobs.com/revue/news/395328.shtml Secuobs.com : 2012-08-03 14:53:44 - var log messages - The Hardware Hacking scene has exploded recently, thanks largely to the widespread adoption of devices such as the Arduino and Raspberry PI by the hacking community Applying hardware hacking techniques during product assessments can often give unrivaled levels of access to hidden or undocumented functionality particularly when reviewing embedded devices such as routers, switches and access points Hacker Fantastic, an MWR Senior Consultant, prior to his employment with MWR reviewed the SAGEM F ST2504 Sky Broadband router , at the time a popular consumer broadband device, and documented his findings in a blog post and presentation titled Hacking Embedded Devices For Fun and Profit Matthew has since followed up on his prior work by reviewing the Virgin Media SuperHub a Cable Modem Router used by Virgin Media Cable in the UK and re-visited his assessment of the SAGEM F ST2504 Sky Broadband router Using physical assessment techniques Matthew has been able to obtain full privileged â rootâ shell capabilities on both the Virgin Media SuperHub and again on the previously assessed SAGEM F ST2504 Sky Broadband router Both the â Virginâ and â Skyâ devices were found to have many more in-built capabilities available, or intended, by the ISP s who issued them Both were found to have advanced networking capabilities such as allowing for the manipulation of Media Access Control MAC addresses, packet analyzers, the ability to change or review configuration data not available within the embedded web services and review any credentials configured on the device It was possible to recover the devices firmware and to begin installing custom Operating Systems onto the devices enabling users to take full advantage of the hardware provided This blog post aims to show that the methodologies, tools and concepts demonstrated can, and have, worked across multiple devices not just those provided by Sky Broadband and Virgin Media http://www.secuobs.com/revue/news/391503.shtmlhttp://www.secuobs.com/revue/news/391503.shtml Secuobs.com : 2012-07-18 19:00:23 - var log messages - A new version of Incognito is available http://www.secuobs.com/revue/news/388171.shtmlhttp://www.secuobs.com/revue/news/388171.shtml Secuobs.com : 2012-06-06 14:12:49 - var log messages - veripy-small To celebrate the World IPv6 Launch, MWR Labs have released a new tool to help support the migration to IPv6 veripy is a tool to help build confidence and assurance in the hardware and software products that are to underpin IPv6 networking moving forwards This confidence will be fundamental to the transition from IPv4 to IPv6 which will be complex, but is critical to the future of networking and IT in general veripy has been released through our IPv6 Security Lab website Follow us on Twitter for the latest updates http://www.secuobs.com/revue/news/379836.shtmlhttp://www.secuobs.com/revue/news/379836.shtml Secuobs.com : 2012-04-30 16:30:08 - var log messages - Recently we have been assessing a number of mobile Android and iOS applications The majority of the applications we have reviewed make use of WebKit WebViews WebKit is an open source web browser engine A WebView is often used to load HTML content as an in process web browser to save passing the user off to the platforms web browser They are also often used when a developer wants to quickly port a web application to multiple mobile platforms without having to create a specific UI for each In addition to these general use cases, we keep seeing ingenious ways to make use of them The most common implementation that we come across is to facilitate advertisement loading from remote advertisers Weâ ve recently been performing an attack surface analysis against various platform WebKit WebView implementations This post concentrates on my adventures with the Android platform As part of this research we came across a paper titled Attacks on WebView in the Android System, which made for interesting reading Our original intention was to create a series of posts that provide advice to platform developers on how to implement an as-good-as-it-can-be WebView However, we found ourselves a little side tracked after reading this paper In particular we were intrigued by section 42 â Attacks through Frame Confusionâ Additionally, on our to do list, is to take a closer look at some of the frameworks that are available for cross platform development Particularly solutions that allow developers to produce an application in one common language and â automagicallyâ push this application to all major mobile platforms, with very little or no effort at all http://www.secuobs.com/revue/news/372725.shtmlhttp://www.secuobs.com/revue/news/372725.shtml Secuobs.com : 2012-04-27 16:30:25 - var log messages - I have recently developed several Metasploit auxiliary and exploitation modules to assist consultants in assessing SAP systems I have also delivered a presentation â SAP Slapping a pentesters guide â at CRESTCon and BSides London where some of these modules were demonstrated I plan to submit these modules to the Metasploit Framework however until this process is complete the modules will be available here I have not yet finished all of the modules that I plan to write, so stay tuned for future updates Some of the modules here are based on, or are ports of the plugins available in the Bizploit Opensource ERP Penetration Testing framework Others are not Bizploit has been an essential tool for security consultants assessing SAP systems since its release However the framework has not been updated since then Bizploit was my inspiration for writing the Metasploit modules The intention behind writing the Metasploit modules, as apposed to contributing back to the Bizploit framework, was to encourage contributions from the community Bizploit is written in Python and C and has not seen any community contributions this is unfortunate Iâ m hoping that the community finds it easier to contribute to the Metasploit framework and helps to build an even more impressive free and open source SAP assessment tool set leveraging the capabilities of the Metasploit framework http://www.secuobs.com/revue/news/372426.shtmlhttp://www.secuobs.com/revue/news/372426.shtml Secuobs.com : 2012-04-23 14:45:52 - var log messages - The majority of the mobile applications I have reviewed lately make use of WebKit WebViews WebKit is an open source web browser engine A WebView is often used to load HTML content as an in process web browser to save passing the user off to the platforms web browser They are also often used when a developer wants to quickly port a web application to multiple mobile platforms without having to create a specific UI for each In addition to these general use cases, clients keep finding ingenious ways to make use of them The most common implementation that I come across is to facilitate advertisement loading from remote advertisers I often find that by reviewing the code base and or performing an application assessment, vulnerabilities are discovered that can be leveraged specifically due to how a WebKit WebView has been implemented however the level of compromise achievable and to what end, is very platform dependent The level of compromise is obviously also dependent on the application itself and in most cases, specific to the client I am dealing with The remediation and mitigation strategies also differ wildly from platform to platform When I report back to the developers I am often giving the iOS and Android developers different remediation and mitigation strategies As part of this process I am often also asked to provide a â best practiceâ configuration guide for WebKit WebViews So, in this post I intend to provide details on how to implement an as-good-as-it-can-be WebKit WebView for Android applications http://www.secuobs.com/revue/news/371444.shtmlhttp://www.secuobs.com/revue/news/371444.shtml Secuobs.com : 2012-04-20 18:22:17 - var log messages - HackFu is an MWR InfoSecurity sponsored event in the UK filled with solving puzzles, hacking, scripting, tinkering, lock picking, crypto challenge, thinking outside the box, lots of learning and exposure to a team of some of the world s best security researchers and penetration testers from the MWR LABS team If you have a keen interest in information security and are interested in pursuing an exciting career in this field as a researcher, penetration tester and consultant, this could be the opportunity you have been waiting for MWR will be sponsoring up to 10 places to the annual HackFu event hosted at a secret location in the UK at the end of June see Competition Rules for eligibility http://www.secuobs.com/revue/news/371108.shtmlhttp://www.secuobs.com/revue/news/371108.shtml Secuobs.com : 2012-04-19 09:07:51 - var log messages - This year s HackFu has now been booked for the 28th to 30th June Last year there were four teams that battled against each other to discover the Secret of Hacker Island This year the teams will be transported to the future in an event titled EarthDate 2139 , the location and challenges still remain closely guarded secrets We have now finalised this year s specially selected guest list and have sent out all the invites, if you haven t received one and you think you should have let us know asap If you weren t on the list don t worry as there may be one last chance for you to win a place at the event so keep following us on Twitter for further details hackfu http://www.secuobs.com/revue/news/370811.shtmlhttp://www.secuobs.com/revue/news/370811.shtml Secuobs.com : 2012-04-16 19:44:41 - var log messages - Recently I have been assessing a number of mobile Android and iOS applications The majority of the applications I have reviewed make use of WebKit Webviews WebKit is an open source web browser engine A Webview is often used to load HTML content as an in process web browser to save passing the user off to the platforms web browser They are also often used when a developer wants to quickly port a web application to multiple mobile platforms without having to create a specific UI for each In addition to these general use cases, clients keep finding ingenious ways to make use of them The most common implementation that I come across is to facilitate advertisement loading from remote advertisers I often find that by reviewing the code base and or performing an application assessment, vulnerabilities are discovered that can be leveraged specifically due to how a WebKit Webview has been implemented however the level of compromise achievable and to what end, is very platform dependent The level of compromise is obviously also dependent on the application itself and in most cases, specific to the client I am dealing with The remediation and mitigation strategies also differ wildly from platform to platform When assessing the same mobile application on multiple platforms, the same issues can be found, but when I report back to the developers I am giving the iOS and Android developers different remediation and mitigation strategies This is a point of frustration for all involved and what has ultimately led to me to produce this post rant In this post I ll try and illustrate the differences between the OS X, Android and iOS WebKit implementations I ll specifically be concentrating on how to best implement a WebKit UIWebview in order to reduce the likelihood of exploitation and to help limit an attackers movements, should a compromise occur on the iOS platform as this is the platform that offers the least amount of assistance Before we delve into iOS though, it would be prudent to discuss Webview implementations and the security features that are available on the Android and OS X platforms first http://www.secuobs.com/revue/news/370247.shtmlhttp://www.secuobs.com/revue/news/370247.shtml Secuobs.com : 2012-03-07 09:19:49 - var log messages - MWR InfoSecurity is a leading information security consultancy with a recognised history of generating world class research MWRâ s researchers regularly speak at major conferences such as Blackhat, DeepSec and SchmooCon, and MWRâ s clients include some of the biggest and well-known companies in the UK MWR are offering paid summer internships with our consultancy team Interns will primarily work on a security-related research project and will also have the opportunity to experience security consulting in a passionate and exciting company The length of the internships can be variable but is intended to be around 12 weeks long and successful internships may lead to full time employment A range of research projects are available, ranging from the more technical to the more high-level and there is flexibility if candidates have a project or idea that they would particularly like to work on Interns will be based in the UK offices in Basingstoke and will be aided in their projects by MWRâ s researchers http://www.secuobs.com/revue/news/361886.shtmlhttp://www.secuobs.com/revue/news/361886.shtml Secuobs.com : 2012-03-07 09:19:49 - var log messages - Recently, MWR offered a challenge win tickets to Security B-Sides London 2012 Entrants were invited to solve the challenge by decrypting the secret message using the clues provided CP3-bottle Click here to see the solution http://www.secuobs.com/revue/news/361885.shtmlhttp://www.secuobs.com/revue/news/361885.shtml Secuobs.com : 2012-02-09 09:12:41 - var log messages - The development team within MWR create innovative solutions to help clients understand and manage their risk, as well as internal applications that support and enhance the operation of the business An opportunity is available for an internship with MWRâ s development team this summer 2012 The successful applicant will undertake real work on a new development project and will be expected to take it from early requirements to a working solution by the end of the internship They will be offered all the help and guidance they need to complete the project as well as a competitive salary http://www.secuobs.com/revue/news/356865.shtmlhttp://www.secuobs.com/revue/news/356865.shtml Secuobs.com : 2012-02-07 09:03:48 - var log messages - A white paper was released by MWR InfoSecurity discussing the security implications of administrative web applications This explains how the use of alternative protocols such as DHCP and 80211 can be used to perform web based attacks The white paper also explains the different methods available for exploiting these issues in practice, and details how tools can be built to test and exploit them The paper is based upon original research by Rafael Dominguez Vega and can be downloaded from mwri_behind-enemy-lines_2008-07-25 http://www.secuobs.com/revue/news/356355.shtmlhttp://www.secuobs.com/revue/news/356355.shtml Secuobs.com : 2012-02-07 09:03:48 - var log messages - At the Defcon 16 conference in Las Vegas, Nick Harbour showed off his new Windows executable packer, PE-Scrambler It uses some interesting, and sometimes downright devious techniques to make analysis of the binary harder Rather than blindly manipulating the bits and bytes of the code to compress or encrypt it as many traditional packers, PE-Scrambler disassembles the code and manipulates it at a logical level to sabotage many of the methods used by disassemblers to analyse instructions and flow The result is a binary that is hard to get any meaningful automatic analysis of program structure for http://www.secuobs.com/revue/news/356354.shtmlhttp://www.secuobs.com/revue/news/356354.shtml Secuobs.com : 2012-02-07 09:03:48 - var log messages - This talk by Chema Alonso and Jose Parada at the Defcon 16 security conference in Las Vegas introduced a method, and a tool, for performing time based blind SQL injection without the need to use delay functions of the database server Blind SQL injection allows data to be retrieved form a database through an SQL injection vulnerability even when that data is not directly output by the vulnerable application The techniques used to accomplish this require repeated queries selecting a small piece of data, such as a single character or the a string length or a field name, and testing its value Using conditionals, different behaviour is induced depending on whether the condition has guessed correctly about the data Gradually then, information can be extracted http://www.secuobs.com/revue/news/356353.shtmlhttp://www.secuobs.com/revue/news/356353.shtml Secuobs.com : 2012-02-07 09:03:48 - var log messages - This insightful presentation at the Defcon 16 conference in Las Vegas commented on the history of the pentest, what worked and what didn t, and the direction which, in the speakers eyes, the pentest should be moving towards today The speakers, Taylor Banks and Carric, gave a warning at the start of the presentation that no punches would be pulled and that things which they felt were wrong with the industry and the people in it would be freely discussed They laid out what pentesting used to be like and where it came from, what it became, the problems it still faces and looked at what really adds value to a pentest and how we should be developing it as a service Much of what they said rang true with MWR s experience and current goals and it was certainly interesting to see these ideas laid out In this article I hope to captures much of what they were expressing in that talk http://www.secuobs.com/revue/news/356352.shtmlhttp://www.secuobs.com/revue/news/356352.shtml Secuobs.com : 2012-02-07 09:03:48 - var log messages - On Friday 8th August 2008 MWR InfoSecurity s John Fitzpatrick presented the talk Virtually Hacking at DefCon 16 in Las Vegas The presentation looked at VMware security and can be downloaded from virtually-hacking_DEFCON16 http://www.secuobs.com/revue/news/356351.shtmlhttp://www.secuobs.com/revue/news/356351.shtml Secuobs.com : 2012-02-07 09:03:48 - var log messages - When you talk about attending a major security conference it is tempting to dream of a trip to the lights and glamour of Las Vegas However, what often gets lost is that it is the speakers and the content that make a conference not just the surroundings So when considering this important fact the inaugural Sec-T conference in Stockholm was a very exciting prospect for anybody interested in cutting edge security research No matter what your role is in the Information Security industry there was a talk that would be of interest Here is a flavour of what you would have heard if you were an attendee http://www.secuobs.com/revue/news/356350.shtmlhttp://www.secuobs.com/revue/news/356350.shtml Secuobs.com : 2012-02-07 09:03:48 - var log messages - Rafael Dominguez Vega presented at DeepSec 2008 about his research into attacking administrative web interfaces His talk included demonstrations of these kinds of attacks through SSID and DHCP script injection vulnerabilities discovered by in the course of his research The slides for this presentation are available from mwri_behind-enemy-lines-presentation-deepsec2008 http://www.secuobs.com/revue/news/356349.shtmlhttp://www.secuobs.com/revue/news/356349.shtml Secuobs.com : 2012-02-07 09:03:48 - var log messages - Timing attacks have a long and successful history when used against a wide variety of systems and technologies This is because these attacks can take so many forms, from vulnerabilities related to race conditions, or blind SQL injection vectors which use delays in execution through to the timing of a UNIX login One of the classic timing attacks is based on measuring the difference in the time an application takes to complete two different but related tasks If the code path followed by different inputs varies in its length or in its complexity the execution time for the two different inputs can vary slightly â but measurably The most common example of this is the time taken by a login mechanism to process authentication attempts When the username which is supplied is valid, the code path can often be longer than that taken for an invalid user and therefore could allow a timing attack to occur This type of attack has been widely publicised and there are many examples which are known to work http://www.secuobs.com/revue/news/356348.shtmlhttp://www.secuobs.com/revue/news/356348.shtml Secuobs.com : 2012-02-07 09:03:48 - var log messages - I recently had the good fortune to attend EuSecWest 2009 EuSecWest is one of those great conferences where itâ s full of very knowledgeable, like-minded individuals but is small enough that by the end everybody kind of knows everybody, if they didn t already The talks were all very technical and of good quality I had the pleasure of engaging in many interesting discussions Here are a few highlights from talks that interested me in particular http://www.secuobs.com/revue/news/356347.shtmlhttp://www.secuobs.com/revue/news/356347.shtml Secuobs.com : 2012-02-07 09:03:48 - var log messages - Following the talk presented at Defcon 17 this year, Rafa continued his research in USB attacks and will provide an update of his research at T2 in Finland on Thursday 29th October 2009 The presentation will cover a wide range of security considerations for the use of USB devices However, it will specifically focus on the evolution of an attack that can be delivered through a malicious USB device The talk will also include discussion about the methods that can be used to identify and exploit vulnerabilities in USB drivers and their advantages and disadvantages http://www.secuobs.com/revue/news/356346.shtmlhttp://www.secuobs.com/revue/news/356346.shtml Secuobs.com : 2012-02-07 09:03:48 - var log messages - Luke Jennings will be talking at DeepSec 09 in Vienna, Austria on 20th November 2009 regarding the security of deployment solutions and some of the recent vulnerabilities he discovered in Symantec s Altiris Deployment Solution https deepsecnet docs speakerhtml PSLOT39 If you are interested in this, be sure to come along http://www.secuobs.com/revue/news/356345.shtmlhttp://www.secuobs.com/revue/news/356345.shtml Secuobs.com : 2012-02-07 09:03:48 - var log messages - As an Information Security Officer what is the one question that the non-technical executives ask you the most Usually it s as simple as Are we secure and the answer had better be Yes Anyone who s had to back that answer up will have done their background research, been to conferences, read books and talked to their counterparts in other companies Invariably this will have equipped you with knowledge of IT security from port scans and exploits through to Trojans and viruses Armed with this knowledge you can understand the need for firewalls, IDS, anti-virus and how their effectiveness should be confirmed through penetration testing But what if your most critical data is held on a mainframe Did they teach you about this at hacker boot-camp or in those hacking text books But does that matter After all, you know about IP and the ways that hackers try to attack your systems using it You have firewalls on your network and have regular pen tests completed against your systems Given this knowledge, the answer to the question is Yes, we are secure But still there s that worry at the back of your mind that there is something you haven t thought about If you are in the information security industry you know about that voice, call it paranoia, call your natural distrust What is it about the mainframe that makes you nervous Is it the fact that in essence that big metal box downstairs is your business Just what is it our subconscious trying to tell us http://www.secuobs.com/revue/news/356344.shtmlhttp://www.secuobs.com/revue/news/356344.shtml Secuobs.com : 2012-02-07 09:03:48 - var log messages - In response to the recent vulnerability in Adobe Reader MWR InfoSecurity conducted some additional research in this area We were able to confirm that the issue, otherwise referred to as Adobe Reader medianewPlayer vulnerability, is also exploitable on Vista and Windows 7 with ASLR and DEP enabled http://www.secuobs.com/revue/news/356343.shtmlhttp://www.secuobs.com/revue/news/356343.shtml Secuobs.com : 2012-02-07 09:03:48 - var log messages - The video of Matt s ShmooCon 2010 talk presenting a Ruby based Solaris debugging library, and the PoC tools developed with it thus far is now on the ShmooCon website at http wwwshmooconorg 2010 videos RSol-Hillmanm4v The slides for the presentation can also be found here These are slightly different from the version on the ShmooCon website and also include the demos http://www.secuobs.com/revue/news/356342.shtmlhttp://www.secuobs.com/revue/news/356342.shtml Secuobs.com : 2012-02-07 09:03:48 - var log messages - The web is constantly evolving with new technologies being added all the time, creating a platform completely unrecognizable from when the web first began MWR Labs recently carried out a research project to assess some of these new technologies and the possibilities they bring for helping to solve computationally intensive problems within security The main aim behind the project was to try to harness the power of two new technologies in particular, WebGL and WebCL, for retrieving passwords from hashes using a brute force technique If this proved possible, the secondary aim was to assess how cost effective it would be to retrieve hashes in this way compared to using cloud computing Let s start with a brief introduction into these two new technologies http://www.secuobs.com/revue/news/356341.shtmlhttp://www.secuobs.com/revue/news/356341.shtml