Our Blog

Mallet, a framework for creating proxies

Reading time: ~17 min
Thanks to IoT and other developments, we’re having to review more and more non-HTTP protocols these days. While the hardware...

A distinguisher for SHA256 using Bitcoin (mining faster along the way)

Reading time: ~5 min
This post assumes a passing familiarity with what a Distinguishing Attack on a cryptographic hash is, as well as the...

Abusing GDI Objects for ring0 Primitives Revolution

Reading time: ~21 min
Exploiting MS17-017 EoP Using Color Palettes. This post is an accompaniment to the Defcon 25 talk given by Saif. One...

The TRITON Won’t Protect You From Our Punches

Reading time: ~10 min
Whilst on a Red Team assessment back in 2015, we were faced with a tough Data Leak Protection (DLP) and...

Running sslscan on 5k servers taken from Alexa’s top 10k

Reading time: ~1 min
Transport layer security has had a rough ride recently, with a number of vulnerabilities being reported. At a time when...

Lovely Pwnies – Twitter Monitor

Reading time: Less than a minute
Recently there were revelations about a GCHQ initiative called ‘Lovely Horses’ to monitor certain hackers’ Twitter handles. The guys over...

Using Maltego to explore threat & vulnerability data

Reading time: ~6 min
This blog post is about the process we went through trying to better interpret the masses of scan results that...

Associating an identity with HTTP requests – a Burp extension

Reading time: ~8 min
This is a tool that I have wanted to build for at least 5 years. Checking my archives, the earliest...

Analysis of Security in a P2P storage cloud

Reading time: ~8 min
A cloud storage service such as Microsoft SkyDrive requires building data centers as well as operational and maintenance costs. An alternative approach...

44Con: Vulnerability analysis of the .NET smart Card Operating System

Reading time: ~1 min
Today’s smart cards such as banking cards and smart corporate badges are capable of running multiple tiny applications which are...

RSA SecureID software token update

Reading time: ~4 min
There has been a healthy reaction to our initial post on our research into the RSA SecureID Software Token. A...

A closer look into the RSA SecureID software token

Reading time: ~7 min
Widespread use of smart phones by employees to perform work-related activities has introduced the idea of using these devices...

Hacking Online Auctions – UnCon && ITWeb talk

Reading time: ~2 min
I gave an updated version of my ‘Hacking Online Auctions’ talk at UnCon in London last week. The talk gave...