Research Blog

Insights and research from our global cybersecurity team.

Filter Content

A Race to Report a TOCTOU: Analysis of a Bug Collision in Intel SMM

About four months ago, in October 2022, I was idly poking around the “ICE TEA” leak. This leak was of particular interest to me, because it happened to expose the source code for Intel’s Alder Lake platform BIOS. It’s always fun to finally get to see the code for modules…

Read more

Making New Connections – Leveraging Cisco AnyConnect Client to Drop and Run Payloads

The Cisco AnyConnect client has received a fair amount of scrutiny from the security community over the years, with a particular focus on leveraging the vpnagent.exe service for privilege escalation. A while ago, we started to look at whether AnyConnect could be used to deliver payloads during red team engagements…

Read more

March 1, 2023

9 mins read

Read more

A Primer On Slowable Encoders

There is a specific type of cryptographic transformation that arises in storage-oriented blockchains. The transformation is a “slowable” 1-1 mapping which does not involve any secrets and is tradeoff-resistant in the following sense: it should not be possible to partially compute the function, store a fraction of the function’s state…

Read more

Threat Spotlight – Hydra

This publication is part of our Annual Threat Monitor report that was released on the 8th of Febuary 2023. The Annual threat Monitor report can be found here. Authored by Alberto Segura Introduction Hydra, also known as BianLian, has been one of the most active mobile banking malware families in…

Read more

Rustproofing Linux (Part 4/4 Shared Memory)

This is a four part blog post series that starts with Rustproofing Linux (Part 1/4 Leaking Addresses). Shared memory is often used to share data without the performance hit of copying. Whenever a shared resource is consumed by one component while being modified by another component, there is potential for…

Read more

Rustproofing Linux (Part 3/4 Integer Overflows)

This is a four part blog post series that starts with Rustproofing Linux (Part 1/4 Leaking Addresses). In the C programming language, integer types can be a bit confusing. Portability issues can arise when the same code is used in multiple hardware architectures or operating systems. For example, int is…

Read more

Security Code Review With ChatGPT

TL;DR: Don’t use ChatGPT for security code review. It’s not meant to be used that way, it doesn’t really work (although you might be fooled into thinking it does), and there are some other major problems that make it impractical. Also, both the CEO of OpenAI and ChatGPT itself say…

Read more

Rustproofing Linux (Part 2/4 Race Conditions)

This is a four part blog post series that starts with Rustproofing Linux (Part 1/4 Leaking Addresses). This post uses a simple example to demonstrate a class of vulnerability that we encounter quite frequently when auditing kernel drivers and firmware. It’s a race condition, or more precisely a TOCTOU vulnerability.…

Read more

Readable Thrift

Readable Thrift makes binary Thrift protocol messages easy to work with by converting them to and from a human-friendly format. This makes manual analysis of and tampering with binary format Thrift messages just as easy as working with plaintext protocols like HTTP. The library is implemented in Java, enabling integration…

Read more

February 8, 2023

1 min read

Read more

Building WiMap the Wi-Fi Mapping Drone

We’ve published a whitepaper about how we built WiMap, which is a Wi-Fi mapping drone.  The paper includes details of the methods used to create, from parts, a hexacopter capable of being controlled over 3/4G and equipped to perform wireless and infrastructure assessments. We’d love to hear your feedback via…

Read more

February 8, 2023

1 min read

Read more

No Results Found :(

Call us before you need us.

Our experts will help you.

Get in touch