Phishing Mitigations: Configuring Microsoft Exchange to Clearly Identify External Emails

Phishing: the simple and effective blended attack
Phishing is a common and yet highly successful technique used by adversaries and red teams alike to breach organisations. It succeeds because it is a blended attack, relying on end-users being convinced, tricked or otherwise persuaded into performing an action which benefits the attacker. The actions …

SMACK, SKIP-TLS & FREAK SSL/TLS Vulnerabilities

Previous current event
This is a current event and as such this blog post is subject to change over the course of the next couple of days as we perform further supplementary research and analysis.
1.0: Initial version.
1.1: Revised to include further vulnerable software, alpha signature and small clarifications.
1.2: Added additional analysis from NCC Group’s …

Intel® Software Guard Extensions (SGX): A Researcher’s Primer

tl;dr
Intel SGX is a trusted execution environment which provides a reverse sandbox. It’s not yet available, but those who have had access to the technology have shown some powerful applications in cloud use cases that, on the face of it, dramatically enhance security without the performance constraints of homomorphic encryption. However, there is enough …

Heartbleed OpenSSL vulnerability

Previous current event – v1.8 of post
This was a current event and as such the blog post was subject to change over the course of a couple of days as we performed further supplementary research and analysis.
1.8: Update to include Bro detection and further analysis. This is likely the final public release – private …

Security of Things: An Implementer’s Guide to Cyber Security for Internet of Things Devices and Beyond

Introduction
We’ve seen a sharp rise in the last five years or so in the amount of security assurance and research activity we’re asked to undertake in the embedded-system space. This has naturally led us to work increasingly with the Internet of Things (IoT) in a variety of different guises. In response to this …

Introduction to Anti-Fuzzing: A Defence in Depth Aid

tl;dr
Anti-fuzzing is a set of concepts and techniques designed to slow down and frustrate threat actors looking to fuzz-test software products, by deliberately misbehaving, misdirecting, misinforming and otherwise hindering their efforts. The goal is to drive down the return on investment seen in fuzzing today by making it more expensive …

Non Obvious PE Parsers – The .NET runtime – Part 1

tl;dr
The Windows program loader isn’t the only PE parser in Windows. The .NET runtime has its own, used for loading modules. Code from yesteryear for that implementation can be found on the Internet, and it shows some interesting defensive properties. Examples include obvious defences against import, entry point and base location mischief. …
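The three kinds of "mischief" named above (import directory, entry point and image base pointing somewhere they should not) are the sort of thing a defensive loader rejects before it maps or executes anything. The following is an added example, not the .NET runtime's parser nor code from the post: a minimal PE32 header reader with loader-style sanity checks. The sample image is constructed in memory with struct (headers only, no real binary), the header offsets follow the documented PE32 layout, and the 64 KiB ImageBase alignment rule is the one the PE/COFF specification states. The check names and the finding strings are this example's own.

```python
"""Defensive PE32 header checks: entry point, imports and image base.

Added illustration (not the .NET runtime's own PE parser). The sample
image is constructed in memory; nothing is read from disk.
"""
import struct

IMAGE_DOS_SIGNATURE = 0x5A4D          # 'MZ'
IMAGE_NT_SIGNATURE = 0x00004550       # 'PE\0\0'
IMAGE_NT_OPTIONAL_HDR32_MAGIC = 0x10B
IMAGE_DIRECTORY_ENTRY_IMPORT = 1
IMAGE_BASE_ALIGNMENT = 0x10000        # PE/COFF spec: ImageBase is a multiple of 64 KiB


def build_sample_pe(entry_rva=0x1010, image_base=0x400000, import_rva=0x1100):
    """Constructed minimal PE32 with a single .text section (headers only)."""
    dos = bytearray(0x40)
    struct.pack_into("<H", dos, 0, IMAGE_DOS_SIGNATURE)
    struct.pack_into("<I", dos, 0x3C, 0x40)                 # e_lfanew: NT headers follow the DOS header
    nt_sig = struct.pack("<I", IMAGE_NT_SIGNATURE)
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)
    opt = bytearray(224)                                    # IMAGE_OPTIONAL_HEADER32
    struct.pack_into("<H", opt, 0, IMAGE_NT_OPTIONAL_HDR32_MAGIC)
    struct.pack_into("<I", opt, 16, entry_rva)              # AddressOfEntryPoint
    struct.pack_into("<III", opt, 28, image_base, 0x1000, 0x200)  # ImageBase, SectionAlignment, FileAlignment
    struct.pack_into("<II", opt, 56, 0x2000, 0x200)         # SizeOfImage, SizeOfHeaders
    struct.pack_into("<I", opt, 92, 16)                     # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_IMPORT, import_rva, 0x40)  # import dir
    # IMAGE_SECTION_HEADER: Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData,
    # PointerToRelocations, PointerToLinenumbers, NumberOfRelocations, NumberOfLinenumbers, Characteristics
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x500, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    return bytes(dos) + nt_sig + file_hdr + bytes(opt) + sect


def parse_pe32(data):
    """Parse just enough of the headers to reason about where code and imports live."""
    if len(data) < 0x40 or struct.unpack_from("<H", data, 0)[0] != IMAGE_DOS_SIGNATURE:
        raise ValueError("not an MZ image")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 4 + 20 + 224 > len(data):                 # bounds-check before trusting e_lfanew
        raise ValueError("e_lfanew points outside the image")
    if struct.unpack_from("<I", data, e_lfanew)[0] != IMAGE_NT_SIGNATURE:
        raise ValueError("missing PE signature")
    fh = e_lfanew + 4
    _machine, nsections, _, _, _, opt_size, _chars = struct.unpack_from("<HHIIIHH", data, fh)
    opt = fh + 20
    if struct.unpack_from("<H", data, opt)[0] != IMAGE_NT_OPTIONAL_HDR32_MAGIC:
        raise ValueError("only PE32 is handled in this example")
    entry_rva, = struct.unpack_from("<I", data, opt + 16)
    image_base, sect_align, file_align = struct.unpack_from("<III", data, opt + 28)
    size_of_image, = struct.unpack_from("<I", data, opt + 56)
    n_dirs, = struct.unpack_from("<I", data, opt + 92)
    import_rva = 0
    if n_dirs > IMAGE_DIRECTORY_ENTRY_IMPORT:               # directory may be absent in small images
        import_rva, _ = struct.unpack_from("<II", data, opt + 96 + 8 * IMAGE_DIRECTORY_ENTRY_IMPORT)
    sections = []
    off = opt + opt_size
    for _ in range(nsections):
        if off + 40 > len(data):
            raise ValueError("section table truncated")
        name, vsize, va, rawsize = struct.unpack_from("<8sIII", data, off)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), va, max(vsize, rawsize)))
        off += 40
    return {
        "entry_rva": entry_rva, "image_base": image_base, "section_alignment": sect_align,
        "file_alignment": file_align, "size_of_image": size_of_image,
        "import_rva": import_rva, "sections": sections,
    }


def section_for_rva(rva, sections):
    """Return the name of the section containing rva, or None (headers, a gap, or past the image)."""
    for name, va, size in sections:
        if va <= rva < va + size:
            return name
    return None


def validate_pe32(pe):
    """Loader-style sanity checks; an empty list means the headers look sane."""
    findings = []
    if section_for_rva(pe["entry_rva"], pe["sections"]) is None:
        findings.append("entry point 0x%x is not inside any section" % pe["entry_rva"])
    if pe["entry_rva"] >= pe["size_of_image"]:
        findings.append("entry point lies beyond SizeOfImage")
    if pe["image_base"] % IMAGE_BASE_ALIGNMENT:
        findings.append("ImageBase 0x%x is not 64 KiB aligned" % pe["image_base"])
    if pe["import_rva"] and section_for_rva(pe["import_rva"], pe["sections"]) is None:
        findings.append("import directory 0x%x is not inside any section" % pe["import_rva"])
    for name, va, _size in pe["sections"]:
        if va % pe["section_alignment"]:
            findings.append("section %s VirtualAddress 0x%x breaks SectionAlignment" % (name, va))
    return findings


if __name__ == "__main__":
    for label, image in (("sane image", build_sample_pe()),
                         ("entry outside sections", build_sample_pe(entry_rva=0x5000)),
                         ("misaligned base", build_sample_pe(image_base=0x400123)),
                         ("imports outside sections", build_sample_pe(import_rva=0x9000))):
        print(label, "->", validate_pe32(parse_pe32(image)) or "ok")
```

The point of the bounds check on e_lfanew and on the section table is that a parser must not trust header fields it has not yet validated; the RVA checks then refuse to treat an entry point or import table that lands in the headers, in a gap between sections, or past the end of the image as code or data worth following.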

Windows DACLs & Why There Is Still Room for Interest

The tools
So I've been re-writing an old private tool in the glare of GitHub with a number of improvements under the catchy moniker of the 'Windows DACL Enum Project'. So far I've completed (the planned list for future tools is quite long, so I'll spare you): process and thread permissions with the following functionality: process name, …