Research

MDSec consultants are at the cutting-edge of technical security. One of the reasons is because we are helping to sharpen it with tools, techniques, and advisories.

Below are lists of all research and tools that has been carried out by security experts at MDSec.

For information on how MDSec works with vendors to resolve security issues, please refer to our responsible disclosure policy.

Further resources can be found on the MDSec and ActiveBreach github sites which are actively maintained

Advisories

The following issues were discovered by MDSec consultants:

Whitepapers

iOS Application (In)Security: This whitepaper details some of the vulnerabilities identified by MDSec over the past year whilst performing regular iOS application reviews.

Download »

Practical Attacks Against Encrypted VoIP Communications: This whitepaper details a number of attacks that can be leveraged to deduce spoken phrases in encrypted VoIP traffic. The whitepaper presents a case study on Skype.

Download »

Tools

OAP: A framework for automating Oracle database penetration tests (Release pending).

iAuditor binary release: A semi-automated framework for penetration testing iOS applications.

Download »

iAuditor source code: The github hosted source repository for iAuditor.

View Source »

SkypeGrep source code: The github hosted source repository for SkypeGrep.

View Source »

Heartbleed Exploit: An exploit for the Heartbleed vulnerability.

View Source »

LyncSniper: A tool for penetration testing Skype for Business.

View Source »

Presentations

Evaluating iOS Applications: OWASP, PricewaterhouseCoopers, Manchester

Download »

iOS Application (In)Security: OWASP, Google, Dublin

Download »

Beyond the OWASP Top Ten: OWASP, Google, Dublin

Download »

Practical Attacks Against Encrypted VoIP Communications: HackInTheBox Conference, Kuala Lumpur, Malaysia

Download »

Heartbleed: 44Cafe, London, UK

Download »

Breaking Secure Mobile Applications: BSidesMCR, Manchester, UK

Download »

Breaking Secure Mobile Applications: HackInTheBox, Kuala Lumpur, Malaysia

Download »

Hacking Adventures in GSM: 44Con, London, UK

Download »

Breaking and Entering: BSidesMCR, Manchester, UK

Download »

An Anatomy of IoT Security: OWASPMcr, Manchester, UK

Download »

Ready to start testing your applications?

Speak to one of our industry experts and find out how MDSec can help your business.

+44 (0) 1625 263 503

contact@mdsec.co.uk