Can a Fuzzer Match a Human

Compilers are programs that translate programs written in a high level programming language into machine code. The Solidity compiler accepts smart contracts written in the Solidity programming language and generates optimized Ethereum virtual machine (EVM) bytecode. There are multiple components of the compiler that can introduce security issues: the optimiser and the code generator being […]

Getting Clear Text Passwords from an IdP & More: Our Research Methodology

We’ve recently reported several methods to achieve privilege escalation in Okta by obtaining the clear-text password of any employee, including super-admins, as well as other methods that let admins of org units or outsourcing companies impersonate super-admins and users. These issues were dubbed #PassBleed, and were classified by Okta as inherent operational risks of their platform. […]

Exploiting Race Condition Vulnerabilities in Web Applications

This talk deals with “race conditions” in web applications. From 2021 to 2022 we have seen an increase in race condition reports with huge bug bounty payouts affecting MS, AWS, Instagram and others, for example leading to MFA bypass. According to MITRE it is still a big “research gap”, and based on how easily race conditions are […]

Biometrics System Hacking in the Age of the Smart Vehicle

Biometric systems such as face recognition and voice-print identification are extensively used for personal identification. In recent years more and more vehicle makers have implemented facial recognition systems in the modern vehicle. However, how secure are these systems really? In this talk, we will present some of the simple yet very practical attack methods, […]

Building an Army of Bots by Hijacking a Unicorn’s Twitter Handle

Here’s how we got access to 3207 Twitter API keys of different organizations ranging from small-scale startups to leading unicorns. First, we examined an unending number of Twitter API tokens and secrets hardcoded into mobile applications by decompiling multiple apps, and found that the leading use case was hardcoding the Twitter Consumer Secret and […]

COMMSEC LAB: A Practical Approach to Advanced Code Obfuscation with MBA Expressions

One of the foundational blocks of current state-of-the-art code obfuscation is Mixed Boolean-Arithmetic (MBA) expressions: expressions combining both integer arithmetic and bitwise operators. Such expressions can be leveraged to arbitrarily increase the data-flow complexity of targeted code by iteratively applying rewrite rules and function identities that obscure the syntax while preserving its semantic behavior. They […]

Cracking Kyocera Printers

Printers are among the most common devices in our daily life. Their unique network location and functions mean that they are often used to process many confidential documents, making them attractive targets for APT groups. Once a printer is hacked, not only can the attacker […]

Best Practices For Simulating Execution in Malicious Text Detection

Static detection is the earliest text detection method, and it has been widely used since its inception. In practice, however, the effectiveness of static detection depends on the extraction of text features, and the dimensionality of those features directly determines the false positive rate and the false negative rate. The mainstream static detection methods have […]

Web3 + Scams = It’s a Match!

In 2022, there is rarely a week without a stolen JPEG worth 100K USD, yet most consumer-grade endpoint protection does not even know what a dApp looks like. Even ITSEC people do not understand or agree on what a dApp looks like or even what Web3 is. Most cryptocurrency-related scams are not sophisticated, yet they […]

MPT: Pentest In Action

Security penetration testing is more than necessary. Most, if not all, organisations either have their own in-house penetration testing team or use third-party pentesters. In any fast-paced organisation with multiple product lines and development planning timelines, it becomes challenging for security teams to efficiently manage all these pentest activities and effectively produce […]