Archives

When Qiling Framework Meets Symbolic Execution

Ever since its release in 2019, Qiling Framework has provided reverse engineers with the best instrumentation experience across the industry. Various tools build on top of Qiling Framework for dynamic analysis purposes. But there is one thing missing in the framework: symbolic execution. Symbolic execution is one of the most powerful strategies to automate […]

HACK AT THE STUDIO: YesWeHack

YesWeHack is a Global Bug Bounty and VDP Platform. Founded in 2013, YesWeHack was created by hackers, for hackers. We are committed to providing quality programs for our community and we are working very hard to be the best and fairest crowdsourced security platform out there. YesWeHack is not just a Bug Bounty platform. We also provide community tools and […]

HITB LAB 001: Red Team Exercises for IoT Security

Today’s IoT market is developing rapidly. Manufacturers are launching various products in a fairly rapid cycle, ranging from web cameras, routers, smart homes, medical equipment and automobiles to smart cities and smart factories. Its application has become an indispensable part of people’s lives, and its threat to information security is also increasing. This course will […]

HITB LAB 002: Semi-Automatic Code Deobfuscation

Code obfuscation has become a vital tool to protect sensitive code against reverse engineering. In general, it impedes analysis by making the to-be-protected program more complex. In this hands-on lab, we have a look at two common code obfuscation techniques (opaque predicates and mixed Boolean-Arithmetic) deployed in APT malware and build tools to automatically break […]

A QEMU Black Box Escape via USB Device

As the most popular open-source cloud architecture, OpenStack uses QEMU-KVM as the virtualization implementation of its computing nodes. Therefore, the threat of vulnerabilities in QEMU is very noteworthy for cloud platform security. Although Red Hat fixes a large number of vulnerabilities in QEMU every year, most of them will not affect OpenStack because they just exploit […]

Insecure Link: Security Analysis and Practical Attacks of LPWAN

With the rapid development of the Internet of Things technology, many new smart scenarios have emerged in recent years, such as smart cities and smart agriculture. The popularity of these new scenarios is inseparable from the rapid development of LPWAN (low-power wide-area network). In LPWAN, the two most mainstream technologies are LoRaWAN and NB-IoT, with […]

Mind the Bridge: A New Attack Model for Hybrid Mobile Applications

In this talk, we present a novel class of Hybrid Application vulnerabilities associated with “JavaScript bridges”. Hybrid apps combine the features of Web applications and “native” mobile apps. First, they provide an embedded Web browser (for example, WebView on Android) that executes the app’s Web code. Second, they supply “bridges” that allow Web code to access […]