Can a Fuzzer Match a Human?

Compilers are programs that translate programs written in a high-level programming language into machine code. The Solidity compiler accepts smart contracts written in the Solidity programming language and generates optimized Ethereum Virtual Machine (EVM) bytecode. Several components of the compiler can introduce security issues, the optimiser and the code generator being […]

ICEFALL – Revisiting a Decade of OT Insecure-by-Design Practices

More than a decade ago, Project Basecamp highlighted how many OT devices and protocols deployed in a wide variety of industries and critical infrastructure applications were insecure-by-design. Ever since, it’s been common knowledge that one of the biggest issues facing OT security is not so much the presence of unintentional vulnerabilities but the persistent absence […]

COMMSEC LAB: Template Injection On Hardened Targets

During his Black Hat 2015 presentation, James Kettle explained how template injections could lead to code execution. At the end of the talk, he recommended running applications in containers with limited privileges and a read-only file system. Six years later, containers are the standard for web-app deployment, and getting code execution inside a well isolated […]

Faking at Level 1 – How Digital Twins Save Your PLCs

Every year, numerous big and small incidents in industrial environments such as power plants, factories, or the food supply find their way into the newspapers. All of the affected industries are backed by sprawling, historically grown Operational Technology (OT) networks. A large portion of such incidents would have been avoidable if network segmentation had been done correctly and […]

Fuzzing the MCU of Connected Vehicles for Security and Safety

With the rise of smart connected vehicles in recent years, attacks against them have become more and more frequent. The electrical and electronic architecture (EEA) of connected vehicles has changed considerably over that period, and it differs from one manufacturer to the next. The attackers' target, however, has not changed: it is still […]

API Security Through External Attack Surface Management

It is hard to protect what you cannot see. All too often, organizations are not aware of all of their assets, APIs included. They prepare to have their Internet-exposed applications assessed during pentests but first have to go through the drill of taking inventory of all of those applications. The same task applies to all external assets, […]

Import Library, Import Liability: Analyzing Information Collection of Third-party SDKs

User data protection regulations in most countries and regions set clear requirements for the collection of personal information: apps must declare reasonable use scenarios and obtain the user's consent when collecting the relevant data. Many enterprises have invested heavily to guarantee that their apps comply with their privacy policies. However, it remains a challenging problem when […]

The Ransomware Protection Full Of Holes

In the fall of 2017, in response to the WannaCry outbreak, Microsoft implemented Ransomware Protection in Windows 10 as a countermeasure. Windows Ransomware Protection is built on Controlled Folder Access, but this feature is full of holes, and many researchers have pointed out various flaws. Microsoft, however, says that it is a Defense-in-depth […]
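Before trusting Controlled Folder Access at all, it is worth confirming what it is actually doing on a given machine. The following is an added example, not code from the talk or from Microsoft's documentation: it uses the Microsoft Defender cmdlets to read the current mode, list the folders and applications CFA trusts, switch it from audit to enforcement, and pull the most recent block/audit events. The folder path `D:\Finance` is a placeholder; run it in an elevated PowerShell session on a Windows 10/11 host where Microsoft Defender Antivirus is the active engine.

```powershell
# Added example: inspect and tighten Controlled Folder Access (CFA) with the
# Defender cmdlets. Requires an elevated session on Windows 10/11 with
# Microsoft Defender Antivirus active. 'D:\Finance' is a placeholder path.

$pref = Get-MpPreference

# EnableControlledFolderAccess: 0 = Disabled, 1 = Enabled (block),
# 2 = Audit mode, 3 = Block disk modification only, 4 = Audit disk
# modification only. Anything other than 1 means a process writing into a
# protected folder is at best logged, not stopped.
"CFA mode: $($pref.EnableControlledFolderAccess)"

# Folders CFA guards beyond the built-in user folders, and the applications
# it lets through. Every allowed application is a write path that bypasses
# the protection entirely, so this list deserves the same review as the
# exploit-style bypasses researchers have reported.
"Protected folders:"
$pref.ControlledFolderAccessProtectedFolders
"Allowed applications:"
$pref.ControlledFolderAccessAllowedApplications

# Move from audit/disabled to enforcement and cover a folder the defaults
# do not (placeholder path).
Set-MpPreference -EnableControlledFolderAccess Enabled
Add-MpPreference -ControlledFolderAccessProtectedFolders 'D:\Finance'

# Recent CFA decisions from the Defender operational log:
# event 1123 = write blocked, 1124 = write would have been blocked (audit).
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1123, 1124
} -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id,
        @{ n = 'Summary'; e = { ($_.Message -split "`n")[0] } }
```

An empty 1123/1124 result is not evidence that nothing tried to write into a protected folder: a process that is on the allowed-applications list, or one that finds an untrusted-but-permitted write path of the kind this talk is about, produces no event at all. The check shows the configured surface; it does not prove the surface is tight.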

Suborner: Windows Bribery for Invisible Persistence

Whenever an attacker is trying to persist access on a compromised machine, the first offensive approach usually involves the creation of a new identity. However, this may not work easily in hardened environments with diverse detection mechanisms for common attack vectors. What if we "suborn" Windows into creating our own hidden account that will […]

Browser Hacking with ANGLE

This presentation gives basic knowledge of the ANGLE project and examines how ANGLE is used for WebGL/WebGL2 in web browsers. In this talk we analyze the types of vulnerabilities that have occurred in ANGLE and their root causes, then analyze exploitable vulnerabilities and explain how to obtain RCE on macOS (iOS is also affected, but […]