Archives

Ever since the release of Qiling Framework in 2019, It provides reverse engineers with the best instrumentation experience across the industry. Various tools build on top of Qiling Framework for dynamic analysis purposes. But, there is one thing missing in the framework, symbolic execution. Symbolic execution is one of the most powerful strategies to automate […]

YesWeHack is a Global Bug Bounty and VDP Platform. Founded in 2013, YesWeHack was created by hackers, for hackers. We are committed to provide quality programs for our community and we are working very hard to be the best and fairest crowdsourced security platform out there. YesWeHack is not just a Bug Bounty platform. We also provide community tools and […]

Our new HITB Studio track where we’ll keep you updated on what’s happening throughout the event including pre and post interviews with speakers and friends of HITB

Our new HITB Studio track where we’ll keep you updated on what’s happening throughout the event including pre and post interviews with speakers and friends of HITB

As the most popular open-source cloud architecture, OpenStack uses Qemu-KVM as the virtualization implementation of its computing nodes. Therefore, the threat of vulnerabilities in Qemu is very noteworthy for cloud platform security. Although Redhat fixes a large number of vulnerabilities in Qemu every year, most of them will not affect OpenStack because they just exploit […]

Some binary fuzzing tools that automatically find software vulnerabilities use mutation capabilities which randomly generate test cases. Despite a lot of progress in mutation-based fuzzers, there is an issue of taking unnecessary time to evaluate conditional branches that compare complex inputs. As one of the ways to address this issue, Some fuzzers adopt symbolic execution […]

With the rapid development of the Internet of Things technology, many new smart scenarios have emerged in recent years, such as smart cities and smart agriculture. The popularity of these new scenarios is inseparable from the rapid development of LPWAN (low-power wide-area network). In LPWAN, the two most mainstream technologies are LoRaWAN and NB-IoT, with […]

Containers offer speed, performance, and portability, but do they actually contain? While they try their best, with the rapid growth of cloud-native containers, several Cloud Service Providers are deploying Kubernetes in production to support customer multitenancy in their Serverless and CaaS offerings. Are they actually contain? Where is the weakness and how to exploit it? […]

Closing Note by Dhillon ‘L33tdawg’ Kannabhiran  

Electric vehicles represented by Tesla are changing the way people travel. How to safely and quickly charge electric vehicles is a problem that manufacturers of electric vehicles and charging piles need to solve. We conducted an in-depth analysis of the security of the DC fast charging communication protocol, and found many interesting findings. This talk […]