Like all good researchers, we publish our findings for everyone’s benefit. The articles here evidence our commitment to technical excellence and the breadth of the disciplines we cover.
When performing security assessments of AWS environments, it is typical to do configuration reviews of AWS services. Several well-known tools exist already that assist in these reviews and are best used with broad access to the environment.
Read more
This year at F-Secure Consulting's offices, Christmas came early. Dave Hartley, our local Santa Claus, gifted us some new shiny smart devices to break.
Read more
F-Secure has a long-standing record of success in ZDI’s pwn2own contests. This year’s event in Tokyo was no different – the same team scored major points across the board, pwning everything from the TP-Link router all...
Read more
In the era of smart devices, it should come as no surprise that more and more appliances "turn" smart. The KeyWe Smart Lock is no exception.
Read more
If you’ve ever looked into AWS security, you’ll know that getting it right is far from easy. If you don’t believe me, just search for anything along the lines of “S3 leaks” and look at the...
Read more
A client was looking to upgrade their Cisco UCM software and wanted assurance that their implementation was configured securely. During the assessment, we had discovered an authenticated SQL Injection issue within the Cisco UCM administrator portal.
Read more
This story begins with a request for an internal penetration test in November of last year: Countercept[1] (F-Secure’s Managed Detection and Response service) implemented a few new features in Honeycomb (its client-facing Ruby on Rails web application).
Read more
Overviewtl;dr When we have permission to modify an OU, we can modify its gpLink attribute in order to compromise any computer or user that belongs to that OU or its child OUs.Before writing SharpGPOAbuse, I wanted...
Read more
In this post, we describe a purpose-built tool for automatically (or, more accurately, semi-automatically) identifying exploitable logic bugs within Android applications.BackgroundFirstly, what are logic bugs and why do we care about them?A logic bug is a...
Read more
The ability to detect and identify adversary Command and Control (C2) channels has always been one of the most important elements to a strong defensive capability.
Read more
Privileged malware or an attacker with physical access to an Android device is a difficult attack vector to protect against. How would your application maintain security in such a scenario?
Read more
The times of “<script>alert(1)</script>” and making use of “python –m SimpleHTTPServer” have well faded away. The practicality of these methods for achieving Cross-Site Scripting (XSS) and exfiltrating/loading data are becoming less practical outside of your local host.
Read more