Tool Release – Reliably-checked String Library Binding

by Robert C. Seacord Memory Safety Reliably-checked Strings is a library binding I created that uses static array extents to improve diagnostics that can help identify memory safety flaws. This is part of broader initiative in the C Standards Committee to improve bounds checking for array types. See my blog post Improving Software Security through … Continue reading Tool Release – Reliably-checked String Library Binding

Are you oversharing (in Salesforce)? Our new tool could sniff it out!

Unauthorised access to data is a primary concern of clients who commission a Salesforce assessment. The Salesforce documentation acknowledges that the sharing model is a "complex relationship between role hierarchies, user permissions, sharing rules, and exceptions for certain situations"[1]. It is often said that complexity and security are natural enemies. Salesforce empowers its users with … Continue reading Are you oversharing (in Salesforce)? Our new tool could sniff it out!

Tool Release – Principal Mapper v1.1.0 Update

Principal Mapper, or PMapper, is a tool and library for in-depth analysis with AWS Identity and Access Management, as well as AWS Organizations. PMapper stores data about AWS accounts and organizations, then provides options to query, visualize, and analyze that data. The library, written in Python, enables users to extend PMapper's functionality for other use-cases. … Continue reading Tool Release – Principal Mapper v1.1.0 Update

Tool Release – Solitude: A privacy analysis tool

Created by Dan Hastings and Emanuel Flores Solitude is an open source privacy analysis tool that enables you to conduct your own privacy investigations into where your private data goes once it leaves your web browser or mobile device. Whether a curious novice or a more advanced researcher, Solitude makes the process of evaluating an … Continue reading Tool Release – Solitude: A privacy analysis tool

Tool Release – ICPin, an integrity-check and anti-debug detection pintool

by Nicolas Guigo ICPin is an Intel pintool leveraging the framework's JIT mode designed to track a binary's integrity checks. It records all reads and all writes performed by the target executable or dynamically loaded library on its text section and outputs a human readable text file describing each memory access with its type (R|W) … Continue reading Tool Release – ICPin, an integrity-check and anti-debug detection pintool

Tool Release – Winstrument: An Instrumentation Framework for Windows Application Assessments

by George Osterweil Winstrument is a modular framework built on top of Frida designed to help testers reverse engineer Windows applications and assess their attack surface. Motivation Winstrument is built on top of Frida, a powerful dynamic instrumentation framework which aids reverse engineering and debugging by injecting into a process a Javascript runtime with an … Continue reading Tool Release – Winstrument: An Instrumentation Framework for Windows Application Assessments

Tool Release: Sinking U-Boots with Depthcharge

Depthcharge is an extensible Python 3 toolkit designed to aid security researchers when analyzing a customized, product-specific build of the U-Boot bootloader. This blog post details the motivations for Depthcharge’s creation, highlights some key features, and exemplifies its use in a “tethered jailbreak” of a smart speaker that leverages secure boot functionality. The first three … Continue reading Tool Release: Sinking U-Boots with Depthcharge

Tool Release – Collaborator++

When testing for out-of-band vulnerabilities, Collaborator has been an invaluable tool since its initial release in 2015. By acting as a HTTP, DNS and SMTP server, Collaborator allows researchers to identify complex out-of-band interactions between target applications and external services aiding in the discovery of vulnerabilities such as server-side request forgery (SSRF), XML external entity … Continue reading Tool Release – Collaborator++

Tool Release – Enumerating Docker Registries with go-pillage-registries

Containerization solutions are becoming increasingly common throughout the industry due to their vast applications in logically separating and packaging processes to run consistently across environments. Docker represents these processes as images by packaging a base filesystem and initialization instructions for the runtime environment. Developers can use common base images and instruct Docker to execute a … Continue reading Tool Release – Enumerating Docker Registries with go-pillage-registries

PhanTap (Phantom Tap): Making networks spookier one packet at a time

As a security consultant at NCC Group, sometimes our clients hire us to perform red team engagements. Essentially, the goal is to sneak into one or more of their office locations however possible (think tailgating, social engineering, even delivering delicious pizzas). Once inside, we use this privileged access to conduct nefarious activities, such as looking … Continue reading PhanTap (Phantom Tap): Making networks spookier one packet at a time