DVR Security Evolution
This post is in conjunction with a project that can be found on my Github. There was a two hour workshop which covered the methodology live on stream, for the slides please see DVR Security Evolution. Results and observations for this project will be updated January 2021 on the Github project page. The current stage … Continue reading DVR Security Evolution
LLHS – Starting out as a Security Researcher
I have carried out a short talk which was aimed at the ladies of LLHS to go over some of the research I have undertaken in the past and give them resources to get started. Heres the link to the slides. Heres the link to the talk The zoom presentation features my brief talk on … Continue reading LLHS – Starting out as a Security Researcher
RFID Hacking Tools Workshop (How to create your own Reader ) Requirements
44 con Workshop Overview: A 101 & upwards workshop on Radio Frequency Identification, tools, and how to make your own access control system. If you’re new to Arduino, RFID or basic electronics, this is the workshop for you! If you have stumbled upon this page o nthe internet and do not know what 44Con or … Continue reading RFID Hacking Tools Workshop (How to create your own Reader ) Requirements
Make Your Own RFID Reader Shopping List
To create your own RFID MFRC522 Reader please see the below links. These are to demonstrate the required parts. If you buy in larger quantity’s or source with longer delivery times you may get better deals. The links provide a framework to help guide you. Please note that these are affiliate based links, every purchase … Continue reading Make Your Own RFID Reader Shopping List
Hacker Couch Time @ #H1-702 event in Las Vegas
Had an awesome time being interviewed with the guys on the hacker couch at Hacker One’s #h1-702 event in Las Vegas Big Shout out & thanks to @NahamSec and @stokfredrik for having me and @daeken on the hack-couch for @Hacker0x01 interview at the #h1702. I adore these guys, it was inspiring to spend time … Continue reading Hacker Couch Time @ #H1-702 event in Las Vegas
How-to Tutorial: PHP Webshell De-Obfuscation
I would like to introduce you to some obfuscated malicious PHP files that I had recently found on a WordPress website. I’ve written a detailed report on the research and analysis process for the PHP Web Shell Hexedglobals.3793 variants, while this post is a how-to tutorial on the de-obfuscation. In this article I will be … Continue reading How-to Tutorial: PHP Webshell De-Obfuscation
Investigation of PHP Web Shell Hexedglobals.3793 Variants
This article covers the analysis work undertaken on the Hexedglobals.3793 family of PHP based malware. The variants are: Kidslug, php.obfuscated!, php.malware.GLOBALS.003 and php.malware.GLOBALS.004. During my investigation I documented my process, steps taken and also put together a separate tutorial on the de-obfuscation of this web shell. I have also put some scripts together which helps … Continue reading Investigation of PHP Web Shell Hexedglobals.3793 Variants
Bsides Las Vegas Talk: Breaking the Bodyguards
Please click on the image below to watch my 20 minute talk which covers the physical security sector being prone to technical attacks and how this can impact operations. Continue reading Bsides Las Vegas Talk: Breaking the Bodyguards
The Co-Lab Radio Frequency Identification Workshop
Hi guys, Just an update and to let you know that the first ever Co-Lab workshop went amazingly well! Really sorry it has taken me a very long time to get this post done and up online! Our Radio Frequency workshop was undertaken in March and was a complete success, with the help of some … Continue reading The Co-Lab Radio Frequency Identification Workshop
Chrissy Morgan – Winner of the (ISC)² -EMEA Up and Coming Professional
Hi guys, I’m mega excited to let you know that something really nice has happened. I *Edit – I only went and won it!! been nominated and I’m a finalist for the “Up and Coming Security Professional” category at the ISLA awards! Here’s some info: “Since 2004, (ISC)² has been recognising the ongoing commitment of … Continue reading Chrissy Morgan – Winner of the (ISC)² -EMEA Up and Coming Professional
Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0
Template Hi guys, please find the link below to the google document which shows the report which can be sent to people to let them know their website is vulnerable. There are many website still vulnerable to this issue. I am providing a template report which can be used to disclose to sites to help … Continue reading Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0
Searching Steganography
By @5w0rdfish If you are not sure what it is or how it is done head over to my blog post about it, Steganography 101 Steganography may be a solution to sending data when secure lines are not readily available, especially in the instance when data can be intercepted. It is intended that the data … Continue reading Searching Steganography
Chrissy Morgan 