Tried, Tested and Proven

Monthly Archives: November 2013

As part of an ongoing review of how our research activities have performed, we’ve taken the opportunity to redefine our process of disclosing vulnerabilities to better align with current good practice. As a result of this, we’ve prepared a new Co-ordinated Disclosure Policy and assigned members of our technical team to drive the processes that underpin it.

The first change is that we’ve moved from Responsible to Co-ordinated. This is largely a semantic change, but reflects the mature industry view that using the word responsible is loaded and puts researchers in a difficult position even where they have attempted to co-ordinate a disclosure. This is a view that has previously been recognised by Microsoft amongst others, so we believe the market is ready for the change.


We are pleased to announce, following the launch of the G-Cloud4, that Portcullis Computer Security Ltd has been selected as a supplier under the new G-Cloud framework.

As a leading provider of information security services, Portcullis is authorised to provide Information Assurance and Cyber Security Services under Lot 4 of the programme which covers Specialist Cloud Services.

Portcullis’ Consultants help our clients to effectively manage the gamut of security risks that threaten to compromise their networks or steal their intellectual property. Portcullis enables companies to turn information security into a business driver for their organisation.


To coincide with our 21st birthday on November 11th, Portcullis Computer Security Ltd is pleased to announce that it has been awarded certification to ISO 27001, the internationally recognised standard for information security management. Getting this independently verified status demonstrates that Portcullis as an organisation is adhering strictly to industry best practice and has implemented a robust management framework with respect to the governance of information security.

Achieving ISO 27001 accredited status means that Portcullis will have had to meet over 100 different checks and balances relating to the storage, security and handling of confidential data. Consequently our clients can rest assured that their valuable information is safe in our hands.

Over the past few weeks, Portcullis has shared two parts of a three-part series on “MutexName: UFR_Stealer_2600”. Of the previous articles, part 1 focussed on a one-shot information-stealing malware, while part 2 discussed “information gathering”.

In the final article, part 3, we go through the data-exfiltration steps, which involve data compression and encryption, and finally we analyze the few anti-reversing tricks present in this malware sample.

Data Exfiltration

Now that the malware has finished collecting data from the host, it will go through a series of steps in order to compress, encrypt, and finally send the data over to the attacker’s FTP server.