Recx has a continual internal research programme in addition to both public and private sector funded projects. Our internal work is typically documented in our blog and produces items which we make available for download. These are not formal products from the company and are offered typically as-is and are free for download and use assuming appropriate credit is given. We're keen to hear of use of these research outputs and encourage users to get in touch via the contact page.
From time to time, our research is formalised and written up. Recx either self publish or use our partner Wiley to make these available as eBooks via Amazon's Kindle store.
Abstract: As a Rapid Application Development framework, Oracle Application Express (APEX) allows websites to easily be created based on data within an Oracle database. Using only a web browser, you can develop and deploy professional applications that are both fast and secure. However, as with any website, there is a security risk and threat, and securing APEX applications requires some specific knowledge of the framework. Written by well-known security specialists Recx, this book shows you the correct ways to implement your APEX applications to ensure that they are not vulnerable to attacks. Real-world examples of a variety of security vulnerabilities demonstrate attacks and show the techniques and best practices for making applications secure.
Abstract: In this eBook, Recx first introduces the reader to the concept and risk of software security debt. A review is then performed of the types and sources of debt before discussing how it can build up when using a risk assessment based approach to prioritisation. A number of debt management strategies are then presented along with associated events, such as servicing, repayment, overhang and expiry. Finally a number of conclusions are drawn around software security debt and why it needs to be considered as part of mature secure software development and risk management processes.
To follow up on our blog post around the use of Microsoft EMET in the enterprise we wrote a small EMET automatic configuration builder. It was designed to allow you to quickly produce an EMET configuration XML for a specific machine. This XML file can then be imported into the EMET GUI. Hopefully, this will facilitate mass EMET opt-in for binaries in a host default build.
Download EMET Builder (107 Kb)
MD5 Hash: 39C68FDE00D2E1739442BBFD9958BEFA
In January 2012 we did some work around the integrity levels within Microsoft Windows. The results were documented in a blog post. During our research we needed a method to enumerate the aspects of the system accessible from a low integrity processes; to that end we wrote a piece of code to automate the enumeration of objects.
Download Get Low Integrity Level Tool (26 Kb)
MD5 Hash: F400B485D044E142F8F13223FBBF0122
Nessus plugins to detect the presence of Application Express, as well as determine the version and possible vulnerabilities in the installation (such as missing patches and administrative components).
Download APEX Nessus Plugins (46 Kb)
MD5 Hash: E72A13F2FDCCE4C04EC2372A3A9B6E3B
We discussed in our blog post on the 22nd February 2012, the defensive mechanisms that can be opted into for software running on the Microsoft Windows platform. In particular we looked at product installers and how these options could be enabled when a piece of software is being packaged. To that end and to ease adoption we released Recx Installer Defence under the BSD license, to ease the adoption of these security facilities.
Download Recx Installer Defence (16 Kb)
MD5 Hash: 9530326F12D62D6BFD0910B6346B3255
Towards the end of 2011, we blogged about the lack of randomisation in VirtualAlloc. After posting we started development on a more secure alternative which aimed to mitigate some of the initially identified flaws. The output of our research and development along with test cases and data are available for download.
VirtualAlloc_s Implementation (8 Kb)
MD5 Hash: 0AFC32CDF9B344285C9BF8CB7312291B
VirtualAlloc_s Implementation and Test Cases (978 Kb)
MD5 Hash: 3F5E2DAB0C46D01B97F9DCE26C1AEE5D
VirtualAlloc_s Test Data (879 Kb)
MD5 Hash: 6BBA26A50C084AC7A26DADDEF97FDB45
During a client assessment we came across a 64bit DLL which exported a C++ class and some associated methods. We had a requirement to access the methods but without source code, documentation or time to reverse engineer the code. We blogged about our approach and here you can download some sample code to ease the pain for those following in our footsteps.
Download Sample Code (22 Kb)
MD5 Hash: 14D8BB66DFC715C795BE5E1C0D311BDA