Like all good researchers, we publish our findings for everyone’s benefit. The articles here evidence our commitment to technical excellence and the breadth of the disciplines we cover.


Digital lockpicking - stealing keys to the kingdom

By Krzysztof Marciniak on 11 December 2019

In the era of smart devices, it should come as no surprise that more and more appliances "turn" smart. The KeyWe Smart Lock is no exception.

Read more

AWS: Such auspices are very hard to read

By Craig Koorn on 4 December 2019

If you’ve ever looked into AWS security, you’ll know that getting it right is far from easy. If you don’t believe me, just search for anything along the lines of “S3 leaks” and look at the...

Read more

Uncommon SQL Database Alert - Informix SQL Injection

By Ken Gannon on 20 November 2019

A client was looking to upgrade their Cisco UCM software and wanted assurance that their implementation was configured securely. During the assessment, we had discovered an authenticated SQL Injection issue within the Cisco UCM administrator portal.

Read more

Prince of the Honeycomb

By Fabian Beterke on 15 November 2019

This story begins with a request for an internal penetration test in November of last year: Countercept[1] (F-Secure’s Managed Detection and Response service) implemented a few new features in Honeycomb (its client-facing Ruby on Rails web application).

Read more

OU having a laugh?

By Petros Koutroumpis on 6 November 2019

Overviewtl;dr When we have permission to modify an OU, we can modify its gpLink attribute in order to compromise any computer or user that belongs to that OU or its child OUs.Before writing SharpGPOAbuse, I wanted...

Read more

Automating Pwn2Own with Jandroid

By Pallavi Sivakumaran on 1 November 2019

In this post, we describe a purpose-built tool for automatically (or, more accurately, semi-automatically) identifying exploitable logic bugs within Android applications.BackgroundFirstly, what are logic bugs and why do we care about them?A logic bug is a...

Read more

Hunting for C3

By James Dorgan on 6 September 2019

The ability to detect and identify adversary Command and Control (C2) channels has always been one of the most important elements to a strong defensive capability.

Read more

How Secure is your Android Keystore Authentication ?

By Kamil Brenski, Krzysztof Pranczk and Mateusz Fruba on 21 August 2019

Privileged malware or an attacker with physical access to an Android device is a difficult attack vector to protect against. How would your application maintain security in such a scenario?

Read more

Getting Real with XSS

By Oliver Simonnet on 8 August 2019

The times of “<script>alert(1)</script>” and making use of “python –m SimpleHTTPServer” have well faded away. The practicality of these methods for achieving Cross-Site Scripting (XSS) and exfiltrating/loading data are becoming less practical outside of your local host.

Read more

AutoCAD - Designing a Kill Chain

By Matt Hillman and Tim Carrington on 22 February 2019

MWR identified software vulnerabilities and native features in AutoDesk’s AutoCAD software suite that can be used to compromise users and perform numerous attacker actions.

Read more


Ventures into Hyper-V - Fuzzing hypercalls

By Amardeep Chana on 15 February 2019

Hyper-V is a virtualization platform built by Microsoft from over a decade ago. In recent years it has taken front stage and become core to the Microsoft Azure cloud platform, and introduced a variety of powerful...

Read more


What the Fuzz

By Felix Schmidt on 23 January 2019

This blog post covers the basics of fuzzing, introduces several fuzzing tools and outlines a selection of recent fuzzing research in three sections.

Read more