Hyperion Bristol is a specialist security firm offering consultancy to all levels of public and private enterprise.
Mobile and Computer
Advanced Threat Emulation
Advanced Persistent Threat Simulation and Attacks
Novel Technology Assessment
Drones, Electrical Grids and Commercial Aircraft
Helping you achieve your desired effect.
5 years of immersion in deep technical issues, combined with a pragmatic approach refined in an operational environment.
Our specialist areas cover most aspects of Critical National Infrastructure (Including SCADA), but focus on Aerospace and Maritime systems.
Projects and Latest News
This is a cross post from 4ARMED’s blog. After defeating the license restrictions, we’re able to install the full backend system, and operate it as if we were a HackingTeam customer. (See my post Here for details). As covered previously on this blog, there are a number of elements to a deployment of the ‘Galileo[…]
In our previous post, we looked at the capabilities of the lowest tier of implant, the ‘scout’. The files that formed part of the previous post were contained within Git repositories of source code. However, an entire installer for the most recent version of the Galileo RCS (V.9.6) is also contained within the 400GB of[…]
As some of you will be aware, the Italian security firm ‘Hacking Team’ was hacked recently, with 400GB of documents and source code leaked into the wild. Hacking Team are most famous for their very porous client vetting procedures, and the leaked documents show sales to a number of somewhat dubious government regimes. The software[…]
Following on from posting my slides, the video recording of my talk at BSidesLondon this year is now up on Youtube – if you want to understand the issues affecting air traffic systems, and how it’s all going to get worse, you can see it below.
So a whole year has come and gone, and It’s BSidesLondon time again. This is a precursor to a more in-depth blog post about my research into exploiting and defending the Traffic Collision Avoidance System aboard aircraft by injecting false traffic into the Automated Dependent Surveillance-Broadcast system. This formed my Masters project at the University[…]
So I was given the amazing opportunity to speak at Security BSides London (A security Conference) this Tuesday (29th April). BSides is a free to attend, community security conference run annually – if you want to look at the talks that were on, check out their website: https://www.securitybsides.org.uk/ I gave a talk on engaging university students[…]
As you are probably already aware, a certain person decided to smear a large number of highly classified documents over the internet. Part of these documents however included the ‘ANT’ Hardware Catalogue. ANT is a division of the NSA responsible for developing hardware devices and software for use by the ‘Tailored Access Operations’ division. The[…]
Over the last couple of weeks, I’ve been working through the excellent resource “Practical Malware Analysis – the hands on guide to Dissecting Malicious Software” (available from most good book retailers – http://www.amazon.co.uk/Practical-Malware-Analysis-Hands-Dissecting/dp/1593272901). There’s actually an example chapter at (http://www.nostarch.com/download/samples/practical-malware-analysis_ch12.pdf) For anyone who’s unsure exactly what the term ‘Malware’ encompasses (as it’s pretty broad) Wikipedia[…]
So I’m now into the post-exam season, but i’ve maintained the smorgasbord of projects that were put on hold for my degree. For those SCADA enthusiasts amongst you, i’ve been attempting to verify some potential Zero-Day exploits before I publish the sequel to my last post. More news on that later potentially. However, I’ve spent[…]
Occasionally, I go through my spam folder to see if there’s anything interesting inside. Previously i’ve found some cool Malware samples and new attack methods this way. One of these emails was obviously spam, obviously sent by a hi-jacked email account. I thnik its best choose;) http://coach-parenting.com/reply.santa37.php?jpycjvylilexer So obviously, we go and click the link.[…]