Expressing Yourself: Analysis of a Dot Net Elevation of Privilege Vulnerability
Partial Trust Security
In the .NET framework sandboxing is implemented by running code with 'Partial Trust', which uses the built-in Code Access Security (CAS) framework to limit what code can do to a...
Fiesta Exploit Kit Analysis
In January, Cisco published a blog post on the ubiquitous Fiesta Exploit Kit (EK) which is quite active at the moment. To supplement their analysis, this post takes a look at an individual Fiesta...
Context Threat Intelligence - The Monju Incident
On 2nd January 2014 a Systems Administrator at the Monju fast breeder reactor facility in Japan noticed suspicious connections emanating from a machine in the control room, coinciding with what was a...
Altiris-La-Vista: The Secrets Within…
Recently at Context we were asked by a client to perform an infrastructure test on an environment which made use of a deployment solution called Altiris by Symantec. One of the many facets of this...
Careto Malware Masks Ancient but Deadly Virus DNA
Kaspersky recently discovered a new family of malware, dubbed ‘The Mask’ or ‘Careto’, which it described as one of the “most advanced global cyber-espionage operations to date” [1]. This description is...
Bypassing Windows 8.1 Mitigations using Unsafe COM Objects
In October last year I was awarded the first $100,000 bounty for a Mitigation Bypass in Microsoft Windows. My original plan was to not discuss it in any depth until Microsoft had come up with a...
Hacking into Internet Connected Light Bulbs
The subject of this blog, the LIFX light bulb, bills itself as the light bulb reinvented; a “WiFi enabled multi-color [sic], energy efficient LED light bulb” that can be controlled from a smartphone...
A Cruel Interest: Attacker motivations for targeting the financial services...
A question we often get asked is “why would APTs target my organisation, what could a state sponsored attacker possibly want with us?” While the core areas of government and the defence establishment...
Comma Separated Vulnerabilities
This post introduces Formula Injection, a technique for exploiting ‘Export to Spreadsheet’ functionality in web applications to attack users and steal spreadsheet contents. It also details a command...
Upcoming service announcement: IRIS, a new aperture on Incident Response
Rapid incident response is a core function of Context's Response division and we pride ourselves on the close relationships and integration we build with our clients. However, we have found an...
Hacking Canon Pixma Printers - Doomed Encryption
This blog post is another in the series demonstrating current insecurities in devices categorised as the ‘Internet of Things’. This instalment will reveal how the firmware on Canon Pixma printers...
RDP Replay
Here at Context we work hard to keep our clients safe. During routine client monitoring our analysts noticed some suspicious RDP traffic. It was suspicious for two reasons. Firstly the client was not...
Evasive Measures: "faxmessage.php" malware delivery
In the ongoing malware arms race attackers are always trying to find creative ways to bypass detection, and this isn’t something that is limited to targeted threat actors. In fact some ingenious...
Automating Removal of Java Obfuscation
In this post we detail a method to improve analysis of Java code for a particular obfuscator; we document the process that was followed and demonstrate the results of automating our method. Obscurity...
Thanks for the Memories: Identifying Malware from a Memory Capture
We've all seen attackers try and disguise their running malware as something legitimate. They might use a file name of a legitimate Windows file or even inject code into a legitimate process that's...
RFID Tags in Access Control Systems
One of our recent engagements required us to explore an unknown RFID tag which was used as part of an access control system. The objective of this engagement was to find out how the RFID tag...
SQL Inception: How to select yourself
In this blog post I will describe a few ways to view the whole SQL statement being executed as part of a SQL injection attack. Currently, unless the vulnerable page returns the SQL statement in an...
Breaking the law: the legal sector remains an attractive target; why not turn...
The legal sector will remain an attractive target for the full spectrum of threat actors: cyber-criminals, hacktivists and state-sponsored groups. Unsurprisingly, this is due to the wealth of sensitive...
Wireless Gridlock in the IoT
“What good is a phone call when you are unable to speak?”
Introduction
When people mention the Internet of Things (IoT) and congestion they’re likely referring to novel solutions to urban traffic...
The Emergence of Bluetooth Low Energy
Introduction
This blog is about Bluetooth Low Energy (BLE), which is the relatively new, lower-power version of the Bluetooth protocol. BLE was introduced in version 4.0 of the Bluetooth Core...