ConCon Blog

Show left menu  
Hide left menu  
James' cheque
Bypassing Windows 8.1 Mitigations using Unsafe COM Objects

By James Forshaw, 25 June 2014

In October last year I was awarded the first $100,000 bounty for a Mitigation Bypass in Microsoft Windows. My original plan was to not discuss it in any depth until ...

Careto Malware
Careto Malware Masks Ancient but Deadly Virus DNA

By Kevin O'Reilly, 12 June 2014

Kaspersky recently discovered a new family of malware, dubbed ‘The Mask’ or ‘Careto’, which it described as one of the "most advanced global cyber-espionage operations to date”[1]. This description is ...

Altiris
Altiris-La-Vista: The Secrets Within…

By Kevin O'Reilly, 29 May 2014

Recently at Context we were asked by a client to perform an infrastructure test on an environment which made use of a deployment solution called Altiris by Symantec. One of ...

Threat
Context Threat Intelligence - The Monju Incident

By Mark Graham, 19 Feb. 2014

On 2nd January 2014 a Systems Administrator at the Monju fast breeder reactor facility in Japan noticed suspicious connections emanating from a machine in the control room, coinciding with what ...

Fiesta Exploit
Fiesta Exploit Kit Analysis

03 Feb. 2014

In January, Cisco published a blog post on the ubiquitous Fiesta Exploit Kit (EK) which is quite active at the moment. To supplement their analysis, this post takes a look ...

Expressing yourself
Expressing Yourself: Analysis of a Dot Net Elevation of Privilege Vulnerability

By James Forshaw, 17 Dec. 2013

Partial Trust Security In the .NET framework sandboxing is implemented by running code with 'Partial Trust' which uses the built-in Code Access Security (CAS) framework to limit what code can ...

Malware 1
Malware 1 - From Exploit to Infection

By Mark Nicholls, 07 Dec. 2013

In this series of posts I will be looking at the most recent malware attacks encountered by Context. The analysis and observations will cover the entire malware lifecycle, providing an ...

Back to Top