Oasis Network – Putting Security Research into Context

Context invite you to our next Oasis Network; a series of presentations showcasing our recent research efforts in areas ranging from economic espionage to cloud security.

Save the date:

Thursday 1st March 2012 from 3:30pm until 8pm
Location: Shoreditch House, East London.

More information can be found on our Oasis Network page.

Apache releases security advisory following discovery of back door threat by Context researchers

Apache released an advisory on Wednesday 5th October 2011 to all of its customers following the identification by Context’s researchers of a new class of security vulnerability that could allow hackers to gain full internet access to internal or DMZ systems using insecurely configured reverse web proxies. Context alerted Apache to the weakness last month and have published a blog detailing this new class of attack that it believes is likely to affect other web servers and proxies. The blog also provides advice to mitigate the risks

More Information can be found here

Read the detailed blog post here

Context Application Tool (CAT) Version 1.0 Released

Context Information Security is pleased to announce the release of its latest version of the globally esteemed CAT. Context is proud to be leading the way by developing the world’s leading Application Testing tool available to everyone for FREE. Security is a key component of any organisation, and Context is delighted to facilitate the movement towards a more secure business world.

More Information can be found here

The new version can be downloaded from here.

More security problems for WebGL

Researchers at Context Information Security who exposed security flaws in WebGL last month have identified further concerns about early implementations of the new technology that allows web pages to draw fast 3D graphics to deliver a much richer experience to web users. In one example, a vulnerability in the Mozilla Firefox browser made it possible for malicious web pages to capture any screenshot from a target PC – including the user’s desktop, other web pages or applications. By revealing that none of the current implementations comply with WebGL conformance standards, Context also raises serious questions for Khronos, the consortium which has drawn up the WebGL specification and conformance tests.

More Information can be found here

Context uncover security flaws in new WebGL technology put PCs and data at risk

Context researchers have uncovered serious security flaws in the new WebGL technology that creates 3D graphics in a browser with the same speed and detail as hardware-accelerated PC games and applications. Context says that design level security issues give potentially malicious web pages low level access to graphics cards that could provide a ‘back door’ for hackers and compromise data stored on internet-connected machines.

More Information can be found here

Malware 2 - From Infection to Persistence

In my previous posting, a malicious PDF was analysed that originated from a targeted email campaign that exposed a number of users to infection. The PDF file implemented standard exploitation techniques to exploit issues in Adobe PDF reader to download an executable from a known malicious URL. In this post I will look at how the malware sample persists on the infected host using stealth, anti-debugging and common userland hooking and rootkit techniques.

Read the detailed blog post here

HTTPS BEAST Attack

A number of our clients have asked for advice regarding the HTTPS BEAST attack. This blog is intended to give a more realistic overview of what the attack means to those who are concerned with the effect that it may have on their web applications, and answer some of the questions received.

BEAST is short for Browser Exploit Against SSL/TLS. This vulnerability is an attack against the confidentiality of a HTTPS connection in a negligible amount of time. That is, it provides a way to extract the unencrypted plaintext from an encrypted session.

Read the detailed blog post here

Malware Analysis: Dark Comet RAT

A Remote Administration Tool (otherwise known as a RAT) is a piece of software designed to provide full access to remote clients. Capabilities often include keystroke logging, file system access and remote control, including control of devices such as microphones and webcams. RATs are designed as legitimate administrative tools, yet due to their extensive capabilities are often seen used with malicious intent.

Read the detailed blog post here

Reverse Proxy Bypass

In this blog I will describe a new type of security vulnerability which can allow full internal system access from the internet from an unauthenticated perspective. This technique exploits insecurely configured reverse web proxies to gain access to internal/DMZ systems.

Apache web server is affected by this issue when running in reverse proxy mode; Context have worked with Apache to produce a patch which reduces the risk of exploitable misconfigurations.

More information

SAP Exploitation – Part 2

This is the second in a series of posts about SAP infrastructure security, specifically related to RFC vulnerabilities and common misconfigurations that can be exploited by an attacker to gain unauthorised access to a SAP environment. In this post I will be demonstrating how some of the RFC vulnerabilities previously described can be exploited by the freely available, python based ERP penetration testing platform – Bizploit.

More information