Padding the struct: How a compiler optimization can disclose stack memory

Originally written by Jack Leadford

Introduction

In their eternal quest for more performance, compilers such as GCC perform clever optimizations behind the scenes to make code run faster. One example is the padding the compiler inserts into struct objects so that each member sits at a naturally aligned address, which makes accessing those members faster. However, this …
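To make the mechanism behind the title concrete, the following is an added example and not code from the original post. It assumes a hypothetical three-member `struct msg` laid out under the x86-64 ABI (3 padding bytes after `type`, 2 after `flags`), and it simulates stale stack contents by filling the struct's storage with a `POISON` byte before the members are assigned, because what a real previous stack frame leaves behind is not reproducible in a self-contained program. The vulnerable `serialize_leaky` assigns every member and then copies `sizeof` bytes out, so the untouched padding bytes travel with it; the two hardened variants zero the object first or serialise member by member so that no in-memory padding ever reaches the wire.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical wire message, not taken from the original post. Under the
 * x86-64 ABI `len` lands at offset 4 and `flags` at offset 8, so there are
 * 3 padding bytes after `type` and 2 after `flags`: sizeof(struct msg) is
 * 12 although the members occupy only 7 bytes. */
struct msg {
    uint8_t  type;
    uint32_t len;
    uint16_t flags;
};

/* Stand-in for stale data a previous call left on the stack (assumption:
 * in a real program this would be pointers, keys, other users' data). */
#define POISON 0xAA

/* Union type punning is well defined in C; it lets us view the struct's
 * storage as raw bytes. */
union frame {
    struct msg    m;
    unsigned char raw[sizeof(struct msg)];
};

/* 1 if byte offset i of struct msg is compiler padding, i.e. belongs to no
 * declared member. */
static int is_padding(size_t i)
{
#define IN_MEMBER(f, T) (i >= offsetof(struct msg, f) && i < offsetof(struct msg, f) + sizeof(T))
    return !(IN_MEMBER(type, uint8_t) || IN_MEMBER(len, uint32_t) || IN_MEMBER(flags, uint16_t));
#undef IN_MEMBER
}

/* Number of padding bytes the compiler inserted (5 on x86-64). */
size_t padding_bytes(void)
{
    return sizeof(struct msg) - (sizeof(uint8_t) + sizeof(uint32_t) + sizeof(uint16_t));
}

/* Counts padding positions in a serialised message that still hold POISON:
 * the bytes that would leave the process carrying stale stack content. */
size_t leaked_padding(const unsigned char *wire)
{
    size_t n = 0;
    for (size_t i = 0; i < sizeof(struct msg); i++)
        if (is_padding(i) && wire[i] == POISON)
            n++;
    return n;
}

/* Vulnerable pattern: every member is assigned, then the whole object is
 * copied out with sizeof. Nothing writes the padding, so it keeps whatever
 * the memory held before. Returns the number of leaked padding bytes. */
size_t serialize_leaky(unsigned char *wire)
{
    union frame f;
    memset(f.raw, POISON, sizeof f.raw);      /* simulate a reused stack slot */
    f.m.type  = 1;
    f.m.len   = 3;
    f.m.flags = 0x7;
    memcpy(wire, &f.m, sizeof f.m);           /* copies the padding too */
    return leaked_padding(wire);
}

/* Hardened variant 1: clear the whole object before populating it. memset
 * is used rather than `= {0}` because the C standard does not require an
 * initialiser to zero padding bytes. */
size_t serialize_zeroed(unsigned char *wire)
{
    union frame f;
    memset(f.raw, POISON, sizeof f.raw);      /* same simulated stale slot */
    memset(&f.m, 0, sizeof f.m);
    f.m.type  = 1;
    f.m.len   = 3;
    f.m.flags = 0x7;
    memcpy(wire, &f.m, sizeof f.m);
    return leaked_padding(wire);
}

/* Hardened variant 2: serialise member by member into a fixed little-endian
 * layout, so in-memory padding never exists on the wire. Returns the number
 * of bytes written (7). */
size_t serialize_fieldwise(unsigned char *wire)
{
    uint8_t  type  = 1;
    uint32_t len   = 3;
    uint16_t flags = 0x7;
    size_t n = 0;
    wire[n++] = type;
    for (int s = 0; s < 32; s += 8) wire[n++] = (unsigned char)(len >> s);
    for (int s = 0; s < 16; s += 8) wire[n++] = (unsigned char)(flags >> s);
    return n;
}

int main(void)
{
    unsigned char wire[sizeof(struct msg)];
    size_t leaked = serialize_leaky(wire);
    printf("sizeof(struct msg)=%zu padding=%zu leaked=%zu\n",
           sizeof(struct msg), padding_bytes(), leaked);
    for (size_t i = 0; i < sizeof wire; i++)
        printf("%02x%s", wire[i], is_padding(i) ? "*" : " ");
    printf(" (* = padding byte)\n");
    return leaked ? 1 : 0;
}
```

Running the leaky path prints the 0xAA bytes at the starred padding offsets, which is exactly the data a caller on the other side of a socket or a kernel/user boundary would receive. Note that `-Wpadded` in GCC reports where padding is inserted, and that a compiler is free to skip padding bytes when copying structs by assignment, so only an explicit zeroing or a field-by-field encoder gives a guarantee.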

EternalGlue part one: Rebuilding NotPetya to assess real-world resilience

tl;dr: we were engaged by a client back in June 2017 to rebuild NotPetya from scratch. However, instead of the data destruction payload, they asked for telemetry and safeguards. Why? Because they wanted to measure what the impact of NotPetya would have been. Below, you’ll find part one of the story… When you dodge a …

Phishing Mitigations: Configuring Microsoft Exchange to Clearly Identify External Emails

Phishing: the simple and effective blended attack

Phishing is a common and yet highly successful technique used by adversaries and red teams alike to breach organisations. It succeeds because it is a blended attack: it relies on end users being convinced, tricked or otherwise persuaded into performing an action that benefits the attacker. The actions …

SMACK, SKIP-TLS & FREAK SSL/TLS Vulnerabilities

Previous current event

This is a current event and as such this blog post is subject to change over the course of the next couple of days as we perform further supplementary research and analysis.

1.0: Initial version.
1.1: Revised to include further vulnerable software, alpha signature and small clarifications.
1.2: Added additional analysis from NCC Group’s …

Intel® Software Guard Extensions (SGX): A Researcher’s Primer

tl;dr: Intel SGX is a trusted execution environment which provides a "reverse sandbox": rather than containing an untrusted application, it protects an application's enclave code and data from the rest of the system, including privileged software such as the operating system and hypervisor. It is not yet available, but those who have had access to the technology have shown some powerful applications in cloud use cases that on the face of it dramatically enhance security without the performance constraints of homomorphic encryption. However, there is enough …

Writing Robust Yara Detection Rules for Heartbleed

This blog post walks through the methodology and process of writing robust Yara rules to detect Heartbleed-vulnerable OpenSSL, whether statically linked into a binary or built as a shared library, in cases where the version information has been stripped. Although Yara is designed for pattern matching and is typically used by malware researchers, we’ll show how it can also be used to detect vulnerable binaries. One person’s static malware signature is …

Heartbleed OpenSSL vulnerability

Previous current event – v1.8 of post

This was a current event and as such the blog post was subject to change over the course of a couple of days as we performed further supplementary research and analysis.

1.8: Update to include Bro detection and further analysis. This is likely the final public release – private …

Security of Things: An Implementer’s Guide to Cyber Security for Internet of Things Devices and Beyond

Introduction

We’ve seen a sharp rise in the last five years or so in the number of security assurance and research activities we’re asked to undertake in the embedded system space. This has naturally led us to work increasingly with the Internet of Things (IoT) in a variety of different guises. In response to this …