As part of an ongoing review of how our research activities have performed, we’ve taken the opportunity to redefine our process of disclosing vulnerabilities to better align with current good practice. As a result of this, we’ve prepared a new Co-ordinated Disclosure Policy and assigned members of our technical team to drive the processes that underpin it.
The first change is that we’ve moved from Responsible to Co-ordinated. This is largely a semantic change, but reflects the mature industry view that using the word responsible is loaded and puts researchers in a difficult position even where they have attempted to co-ordinate a disclosure. This is a view that has previously been recognised by Microsoft amongst others, so we believe the market is ready for the change. Continue reading
As a leading provider of information security services, Portcullis is authorised to provide Information Assurance and Cyber Security Services under Lot 4 of the programme which covers Specialist Cloud Services.
Portcullis’ Consultants help our clients to effectively manage the gamut of security risks that threaten to compromise their networks or steal their intellectual property. Portcullis enables companies to turn information security into a business driver for their organisation. Continue reading
Achieving ISO 27001 accredited status means that Portcullis will have had to meet over 100 different checks and balances relating to the storage, security and handling of confidential data. Consequently our clients can rest assured that their valuable information is safe in our hands. Continue reading
In the very last article, part 3, we are going through the data-exfiltration steps that involve data compression and encryption, and finally we analyze the few Anti-Reversing tricks present in this
Now that the malware is finished collecting data from the host, it will go through a series of steps in order to compress, encrypt, and finally send the data over to the attacker’s FTP server. Continue reading