Matt Lorentzen 6 January, 2022

CVE-2021-20047: DLL Search Order Hijacking Vulnerability

When looking for methods of execution in controlled environments, software components are an essential area of review. With the implementation of controls such as AppLocker, running arbitrary executables becomes more difficult. In most environments we test, AppLocker is now commonly deployed, reducing the attack surface by defining the locations from which an executable is permitted to run.

Improve your security

Our experienced team will identify and address your most critical information security concerns.

Cyberis 3 September, 2021

Let's Talk Quantum Cryptography Pt 2

When testing these types of systems, vulnerabilities can be broken down into two broad classes:

Inherent flaws – These occur when an assumption made during the creation of a protocol doesn’t hold true; a new mathematical technique, for example, may break the security of the protocol. An example of a protocol with inherent flaws would be SSLv3.
Implementation flaws – These occur because physical systems aren’t perfect, nor is our adaptation of theoretical principles to physical mediums. Where these imperfections exist so does the potential for exploitation.
Today we’ll be looking at some implementation flaws, but to begin let’s have a think about the set-up Alice and Bob will need to carry out the steps of the BB84 protocol.

Geoff Jones 7 May, 2021

Domain Hijacking Via Logic Error - Gandi And Route 53 Vulnerability

On 12 February 2021, Cyberis identified a weakness in the domain transfer processes of Gandi which allowed any Nominet registry domain (including .co.uk and .org.uk domains) registered with Gandi to be transferred out of the owner’s control and into the control of an arbitrary AWS Route 53 account, without any authorisation being provided by the owner of the domain.

Matt Lorentzen 7 April, 2021

Code Roulette: Windows Internal Complexities

Since its inception, the Windows operating system has been a recognizable force within the IT industry and grew increasingly common throughout the 1990s and 2000s. Features of the operating system have grown over the last 20 years in response to the changing needs within the industry and shifts in attitudes towards system management, user experience and scale. In the early 2000s, Windows dominance was largely driven by a combination of a widely accepted end user experience, flexible server components and a centralized authentication, authorization and configuration solution, Active Directory. Whilst there were some alternatives, the reality was that there was no one-stop solution for integration that could compete with Active Directory at scale. As most things are driven by business goals, Active Directory became the central hub of IT operations within a significant portion of the commercial and government markets.

Phil Wilcox 8 October, 2019

Bluetooth: The Spy In The Meeting Room

Bluetooth technology permeates the modern world. From smart phones to wireless speakers, fitness trackers to WiFi mesh hardware, Bluetooth has become the de facto standard for short-range wireless communications. The chances are that you have Bluetooth-enabled devices near you as you read this, and, if you're regularly involved in conference calls, you've probably often used a Bluetooth-enabled speaker or VoIP phone.

Cyberis 8 October, 2019

Let’s Talk Quantum Cryptography

Quantum computers are on the horizon, and the ramifications the technology is expected to produce across a multitude of industries are game-changing. They can certainly be described as a disruptive technology when taken in the context of current cryptography and will force a radical change in how secure communication is implemented. A prime reason for this is the significant advances they promise to provide in the factoring of large numbers. This is a technique central to the security of several algorithms, such as RSA, in which prime factors of large numbers are utilised in encryption precisely because of the traditional difficulty in computing such numbers. Consequently, the security afforded by RSA alongside other similarly implemented algorithms will be heavily impacted, if not entirely broken. We’re left with a void within the field of classical cryptography that its quantum equivalent attempts to fill.

Phil Wilcox 27 September, 2018

Microsoft Exchange Client Access Server Information Disclosure

If you manage Microsoft Exchange and OWA in your environment and you are undergoing an external penetration test or Cyber Essentials assessment, you will often be faced with the Client Access Server Information Disclosure vulnerability identified by Nessus (https://www.tenable.com/plugins/nessus/77026) or other vulnerability scanners.

Until recently, this vulnerability went unaddressed by Microsoft for versions of IIS after 6.0 and before 10.0. The majority of advice provided by online resources suggests applying the latest patches, but as patches don't exist for versions 7.0 to 8.5, this isn't an option.

Phil Wilcox 2 February, 2017

The True Impact Of A Cyber Breach On Share Price

With media coverage of security breaches becoming more commonplace, the business world is beginning to realise that it is less a matter of ‘if’ there is a breach and more a matter of ‘when’. Whilst there is often extensive coverage of the cost to the affected company of a data breach, rarely is the impact on the company’s value examined.

We looked at four recent data breaches and examined the impact on share prices for the companies involved, both short and medium term, to see if the value of the company is indeed affected.

Geoff Jones 20 August, 2013

Vulnerabilities That Just Won't Die - Compression Bombs

Recently Cyberis has reviewed a number of next-generation firewalls and content inspection devices - a subset of the test cases we formed related to compression bombs - specifically delivered over HTTP. The research prompted us to take another look at how modern browsers handle such content given that the vulnerability (or perhaps more accurately, ‘common weakness’ - http://cwe.mitre.org/data/definitions/409.html) has been reported and well known for over ten years. The results surprised us - in short, the majority of web browsers are still vulnerable to compression bombs leading to various denial-of-service conditions, including in some cases, full exhaustion of all available disk space with no user input.

Geoff Jones 2 July, 2013

Shared Dictionary Compression Over HTTP (SDCH) - Bypassing Your Filtering Devices

Following Cyberis’ recent articles on bypassing perimeter filtering devices (e.g. proxies, IDS and next-generation firewalls) by manipulating HTTP response headers, we’ve taken a closer look at some more obscure Content-Encoding mechanisms. This article discusses Shared Dictionary Compression over HTTP (SDCH), and the implications for perimeter security controls designed to protect your network from unwanted content.
