Archive

Slides

Investigating RF Controls with RTL-SDR

By on February 2, 2018 at 1:31 PM

Katie Knowles presented an introduction to Software Defined Radio (SDR) titled 'Signal Safari: Investigating RF Controls with RTL-SDR' at BSidesNYC 2018.

Read more

Blog

Finding the Low-Hanging Route

By on December 20, 2017 at 10:09 AM

IntroductionThe Application Policy Infrastructure Controller Enterprise Module (APIC-EM) is Cisco's SDN controller for enterprise networks, which according to Cisco can solve a myriad of problems by leveraging many bleeding edge technologies.

Read more

Slides

Corrupting Memory In Microsoft Office Protected-View Sandbox

By on November 23, 2017 at 9:55 AM

Yong Chuan Koh presented this talk at Microsoft BlueHat v17.

Read more

Blog

WebUSB - How a website could steal data off your phone

By Felix Schmidt on October 3, 2017 at 11:24 AM

IntroductionOn the 5th September this year, Chrome 61 was released with WebUSB enabled as a default feature. WebUSB is a JavaScript API to allow web sites access to connected USB devices.

Read more

Slides

Biting the Apple that feeds you - macOS Kernel Fuzzing

By James Loureiro on September 25, 2017 at 11:45 AM

This talk aimed to cover the research which has been undertaken following on from the Defcon presentation on MWR's platform agnostic kernel fuzzing, to automatically identify critical flaws within Apple macOS.

Read more

Blog

“Tasking” Office 365 for Cobalt Strike C2

By on September 22, 2017 at 4:48 PM

There is much research into customised and novel Command and Control (C2) channels, although typically the public outputs of such research are standalone proof-of-concepts rather than being integrated into exisiting offensive toolkits.

Read more

Whitepaper

Kernel Driver mmap Handler Exploitation

By Mateusz Fruba on September 19, 2017 at 9:23 AM

This paper aims to guide it's reader towards building a working exploit for Linux kernel driver memory mapping issues.

Read more

Slides

Land, Configure Microsoft Office, Persist

By on September 18, 2017 at 8:46 AM

One software product that red teamers will almost certainly find on any compromised workstation is Microsoft Office. This talk discussed the ways that native functionality within Office can be abused to obtain persistence.

Read more

Blog

Threat Information Sharing with Athena

By on September 1, 2017 at 1:34 PM

IntroductionThe aim of this article is to provide an introduction to using structured Threat Intelligence (TI) formats, some of the challenges present (in particular with data transformation) and to share a tool MWR has developed to…

Read more

Blog

Alexa, are you listening?

By Mark Barnes on August 1, 2017 at 11:46 AM

IntroductionThe Amazon Echo is vulnerable to a physical attack that allows an attacker to gain a root shell on the underlying Linux operating system and install malware without leaving physical evidence of tampering.

Read more

Blog

Using Windows File Auditing to Detect Honeyfile Access

By on July 7, 2017 at 2:08 PM

IntroductionOver the years, a vast amount of research has been focused towards honeypots. Honeypots have evolved from the traditional emulated operating system and service to include a variety of honey “things”.

Read more

Article

Offensive ICS Exploitation: A Description of an ICS CTF

By William Jardine on June 29, 2017 at 4:00 PM

IntroductionOn the 9th June, MWR InfoSecurity were at Singapore University of Technology and Design (SUTD) for a competition based around the cyber security of Industrial Control Systems (ICSs).

Read more