Research
Security is a fast changing field. We stay abreast of new threats and countermeasures through extensive internal research and development, membership of industry advisory groups and relationships with government bodies.
WhitePaper: Web Application Vulnerability Statistics 2010-2011
February 2011
Over the past two years Context have been amassing statistics on a range of IT security activities based on the output of real-world IT security consultation engagements. One of the most common activities performed during this period has been web application penetration tests. This whitepaper will provide a unique insight into the state of web application security, presenting penetration test analysis from a dataset containing nearly eight thousand confirmed vulnerabilities found in over five hundred and ninety-six web applications between January 2010 and December 2011.
Blog: Malware 2 - From Infection to Persistence
January 2011
In my previous posting, a malicious PDF was analysed that originated from a targeted email campaign that exposed a number of users to infection. The PDF file implemented standard exploitation techniques to exploit issues in Adobe PDF reader to download an executable from a known malicious URL. In this post I will look at how the malware sample persists on the infected host using stealth, anti-debugging and common userland hooking and rootkit techniques.
Blog: Server Technologies - Malware Analysis - Dark Comet RAT
November 2011
A Remote Administration Tool (otherwise known as a RAT) is a piece of software designed to provide full access to remote clients. Capabilities often include keystroke logging, file system access and remote control, including control of devices such as microphones and webcams. RATs are designed as legitimate administrative tools, yet due to their extensive capabilities they are often used with malicious intent.
In this blog post I take a look at a RAT called Dark Comet. I will run through the capabilities provided by the tool, examine the associated network traffic, identify the encryption algorithm and show how the key can be identified with a little analysis of an infected host.
Blog: Reverse Proxy Bypass
October 2011
In this blog I will describe a new type of security vulnerability which can allow full, unauthenticated access to internal systems from the internet. This technique exploits insecurely configured reverse web proxies to gain access to internal/DMZ systems.
Apache web server is affected by this issue when running in reverse proxy mode; Context have worked with Apache to produce a patch which reduces the risk of exploitable misconfigurations.
Blog: SAP Exploitation – Part 2
August 2011
This is the second in a series of posts about SAP infrastructure security, specifically related to RFC vulnerabilities and common misconfigurations that can be exploited by an attacker to gain unauthorised access to an SAP environment. In this post I will be demonstrating how some of the RFC vulnerabilities previously described can be exploited by the freely available, Python-based ERP penetration testing platform – Bizploit.
Tools: CAT Version 1 Released
August 2011
Context Information Security is pleased to announce the release of its latest version of the globally esteemed CAT. Context is proud to be leading the way by developing the world’s leading Application Testing tool available to everyone for FREE. Security is a key component of any organisation, and Context is delighted to facilitate the movement towards a more secure business world.
CAT is designed to deliver manual web application penetration testing for more complex, demanding application testing tasks. CAT version 1.0 has been developed in-house by Context’s leading Security Development Consultants, and boasts significant upgrades, including:
- Silverlight WCF Support
- Scriptable Fuzzing
- Mono Support for Linux and OSX
- Freely Available SDK Addon Interface
Context would like to thank everyone who continues to provide feedback on CAT.
The new version can be downloaded from here.
Blog: SAP Exploitation – Part 1
July 2011
In this series of posts I aim to cover in depth some of the publicly known infrastructure vulnerabilities that affect SAP systems, how to use public domain tools to test your current deployments for these issues and how best to address them. While the industry is slowly taking note of SAP-related security beyond segregation of duties, there is still a significant lack of awareness of vulnerabilities and attacks against SAP systems, which prompted this series of posts.
Blog: WebGL – More WebGL Security Flaws
June 2011
In this blog post Context demonstrates how to steal user data through web browsers using a vulnerability in Firefox’s implementation of WebGL. This is a continuation of our research into serious design flaws that could affect any browser which implements WebGL, currently Chrome and Firefox.
Blog: WebGL – A New Dimension for Browser Exploitation
May 2011
Context is currently undertaking a research project into the new WebGL technology and has uncovered serious security flaws. WebGL provides web pages with the functionality to access the lower-level graphics driver in a way that previously was only available to local applications. This new access allows web pages to create 3D graphics with the same level of speed and detail as PC games. However, from a security perspective, allowing potentially malicious web pages low-level access to a graphics card carries a huge security risk. These risks stem from graphics cards and drivers not having been written with security in mind: the interface (API) they expose assumes that applications are trusted, and this assumption no longer holds. Context has investigated this technology and found fundamental design issues which currently expose users of the internet to having their PCs exploited. These include breaking of the cross-domain security principle and denial of service potentially leading to full exploitation of a user’s machine.
Tools: IIS7 Header Block
May 2011
With the increased popularity of the Microsoft IIS7 web server, it is important that specific security recommendations can be applied to the latest web server technologies.
HeaderBlock is a .NET module that presents an easy way to remove key HTTP headers before they are transmitted from the web server to the client.
More information and the HeaderBlock download can be found here
WhitePaper: Assessing Cloud Node Security
March 2011
Cloud computing has become one of the buzzwords of the moment. The potential benefits offered by the Cloud make it an attractive business proposal to many organisations. But how secure is the Cloud and to what extent are its benefits tainted by the potential security risks?
In order to provide our client base with a better understanding of the technical security issues associated with Cloud computing, Context has undertaken a study of four major Cloud providers.
In the course of our research, Context reviewed the security aspects of hard disk separation, memory, network, hypervisor and remote management as these relate to the nodes provided to Cloud clients. Our aim was to discover how effectively the Cloud providers address security concerns associated with these areas. Our findings were that serious flaws in the implementation of Cloud technologies mean that some major providers are exposing their clients’ data to risk of compromise.
We are pleased to present the output of our research in the form of a whitepaper entitled “Cloud Computing – Assessing Cloud Node Security”. In this whitepaper we highlight the technical security risks associated with Cloud computing, provide recommended best practices for securing Cloud nodes, and arm prospective Cloud clients with a series of questions they can ask the would-be provider, to help ascertain the provider’s suitability from a security perspective.
