HackDig : Dig high-quality web security articles for hacker

SetUID program exploitation: Crafting shared object files without a compiler

In this post we look at an alternative to compiling shared object files when exploiting vulnerable setUID programs on Linux. At a high level we’re just going to copy the binary and insert some shellcode. First we take a look the circumstances that might lead you to use this option. Also check out this previous post on setUID exploitation. A hacker chal
Publish At:2019-09-19 17:35 | Read:204 | Comments:0 | Tags:Blog analysis exploit root UNIX

Where 2 worlds collide: Bringing Mimikatz et al to UNIX

Presentation on Active Directory integration solutions for UNIX (as given at Black Hat Europe 2018). Over the past fifteen years there’s been an uptick in “interesting” UNIX infrastructures being integrated into customers’ existing AD forests. Whilst the threat models enabled by this should be quite familiar to anyone securing a heter
Publish At:2019-09-19 17:35 | Read:204 | Comments:0 | Tags:Presentations analysis auditing Black Hat Europe blue team c

An offensive introduction to Active Directory on UNIX

By way of an introduction to our talk at Black Hat Europe, Security Advisory EMEAR would like to share the background on our recent research into some common Active Directory integration solutions. Just as with Windows, these solutions can be utilized to join UNIX infrastructure to enterprises’ Active Directory forests. Background to Active Directory i
Publish At:2019-09-19 17:35 | Read:261 | Comments:0 | Tags:Blog analysis auditing Black Hat Europe blue team conference

UNIX and Linux setUID advice and guidance

It is a topic that often comes up on client engagements, usually when running structured build reviews of Linux “gold builds”, but occasionally when trying to explain in detail how we used a Linux system to pivot internally. SetUID and setGID files are inevitably a risk, potentially allowing attackers to elevate privileges to root from a basic us
Publish At:2017-10-27 17:20 | Read:4327 | Comments:0 | Tags:Blog AIX analysis auditing blueteam FreeBSD Linux root Solar

SSTIC 2017 wrap-up

This year, one member of the Portcullis team went to one of the biggest security events in France: SSTIC (Symposium sur la sécurité des technologies de l’information et des communications). This post will highlight the most interesting presentations. Many of the slides, articles and videos are available on the SSTIC website, but they are mostly in Fren
Publish At:2017-10-27 17:20 | Read:3461 | Comments:0 | Tags:Blog analysis conference SSTIC

Biometrics: Forever the “next big thing”

It’s not every day we get to assess biometric systems from a security perspective, they are still somewhat esoteric and testing them doesn’t quite fit with the usual slew of things that come along with being a security consultant. Recent engagements reminded us of just how interesting this facet of the industry can be and so we decided to write u
Publish At:2017-10-27 17:20 | Read:2521 | Comments:0 | Tags:Blog analysis biometrics

A study in scarlet

In the modern age, where computers are used for nearly everything we do, the damage that can be caused to a company by cyber-attacks is substantial, with companies losing millions in regulatory fines, compensation and declining share prices. While some of these breaches have been caused by vulnerabilities within the target company’s infrastructure/soft
Publish At:2017-10-27 17:20 | Read:3690 | Comments:0 | Tags:Blog analysis blueteam phishing redteam

Exploring Windows Subsystem for Linux

Whilst there has been quite a lot of analysis of Microsoft’s new Windows Subsystem for Linux (aka WSL or Bash on Ubuntu on Windows) and how it functions (particularly from Alex Ionescu), most of this has focused on how it affects the Windows security model. Being a keen UNIX focused researcher, I decided to take it for a spin. The first thing I did onc
Publish At:2017-10-27 17:20 | Read:2727 | Comments:0 | Tags:Blog analysis Linux root Windows

Is your sign signed?

Modern autonomous vehicles use a number of sensors to analyse their surroundings and act upon changes in their environment. A brilliant idea in theory, but how much of this sensory information can we actually trust? Cisco’s Security Advisory R&D team, a.k.a. Portcullis Labs, decided to investigate further. Various researchers have documented attack
Publish At:2017-10-27 17:20 | Read:2950 | Comments:0 | Tags:Blog analysis biometrics connectedcar hardhack

Web Application Whitepaper

This document aims to analyse and explore data collected from technical assurance engagements during 2016. The original piece of data analysis was performed by two of our interns (Daniel and Chris) as part of Cisco’s intended contribution to the next Top 10 publication from OWASP however due to time constraints, our data points were not submitted. As a
Publish At:2017-10-27 17:20 | Read:2111 | Comments:0 | Tags:Whitepapers analysis HTML5 SDL training web

See Our Threat Analysis of University College London Ransomware Attack

Ransomware has hit the news again in the UK today only a few short weeks since the WannaCry outbreak crippled the National Health Service. This time University College London (UCL) was hit by a ransomware strain which has resulted in them having to take down parts of their network to stop infected machines harming key university data. Credit to UCL for what
Publish At:2017-06-16 17:15 | Read:4492 | Comments:0 | Tags:Breaking News Threats analysis anti-virus browsing cause det

What Interests Children Online

Today’s children and teenagers are integrated into cyberspace so tightly that discussions on the outright prohibition of using devices with Internet connectivity are nonsensical. It is more reasonable to teach children how to behave themselves correctly online and lend support by protecting them against undesirable content. To solve these problems, man
Publish At:2017-06-01 10:55 | Read:4406 | Comments:0 | Tags:Analysis Featured Publications Parental control Security tec

Dridex: A History of Evolution

The Dridex banking Trojan, which has become a major financial cyberthreat in the past years (in 2015, the damage done by the Trojan was estimated at over $40 million), stands apart from other malware because it has continually evolved and become more sophisticated since it made its first appearance in 2011. Dridex has been able to escape justice for so long
Publish At:2017-05-25 13:15 | Read:3954 | Comments:0 | Tags:Analysis Publications Botnets Financial malware Malware Desc

IT threat evolution Q1 2017

Overview Targeted attacks and malware campaigns More wipers The aim of most targeted attack campaigns is to steal sensitive data. However, this isn’t always the goal. Sometimes attackers erase data instead of – or as well as – trying to gain access to confidential information. We’ve seen several wiper attacks in recent years. They include Shamoon
Publish At:2017-05-22 11:35 | Read:5372 | Comments:0 | Tags:Analysis Featured Quarterly Malware Reports APT Cyber espion

IT threat evolution Q1 2017. Statistics

Q1 figures According to KSN data, Kaspersky Lab solutions detected and repelled 479,528,279 malicious attacks from online resources located in 190 countries all over the world. 79,209,775 unique URLs were recognized as malicious by web antivirus components. Attempted infections by malware that aims to steal money via online access to bank accounts were regis
Publish At:2017-05-22 11:35 | Read:3260 | Comments:0 | Tags:Analysis Featured Quarterly Malware Reports Financial malwar

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud