Whitepaper – Coinbugs: Enumerating Common Blockchain Implementation-Level Vulnerabilities

By Aleksandar Kircanski and Terence Tarvis A good amount of effort has been dedicated to surveying and systematizing Ethereum smart contract security bug classes. There is, however, a gap in literature when it comes to surveying implementation-level security bugs that commonly occur in basic PoW blockchain node implementations, discovered during the first decade of Bitcoin’s … Continue reading Whitepaper – Coinbugs: Enumerating Common Blockchain Implementation-Level Vulnerabilities

Whitepaper: Recognizing and Preventing TOCTOU

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity, and can be downloaded below. Recognizing and Preventing TOCTOU Whitepaper 03 Mar 2015 - Christopher Hacking Time-Of-Check-to-Time-Of-Use (TOCTOU) vulnerabilities have been known for decades, but are still frequently discovered in modern code. This diverse … Continue reading Whitepaper: Recognizing and Preventing TOCTOU

Whitepaper: CA Alternative

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity, and can be downloaded below. CA Alternative Whitepapers 11 Feb 2015 - Braden Hollembaek Academic co-authors Adam Bates, Joe Pletcher, Tyler Nichols, Dave Tian and iSEC engineer Braden Hollembaek had a pair of interesting … Continue reading Whitepaper: CA Alternative

Whitepaper: Perfect Forward Security

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity, and can be downloaded below. Perfect Forward Security Whitepaper 04 Sep 2014 - Pratik Guha Sarkar Encrypted communication channels were created so nobody could read confidential communications - this means not only during the … Continue reading Whitepaper: Perfect Forward Security

White Paper: Cryptopocalypse Reference Paper

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity, and can be downloaded below. Cryptopocalypse Reference Paper 20 Mar 2014 - Javed Samuel Alex Stamos, Tom Ritter and Javed Samuel presented “Preparing for the Cryptopocalypse” at Black Hat 2013, looking into the latest … Continue reading White Paper: Cryptopocalypse Reference Paper

White Paper: Login Service Security

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity, and can be downloaded below. Login Service Security 17 Dec 2013 - Rachel Engel Web application login services are deceptively simple to develop, leading application developers to repeat the mistakes of the past. Learning … Continue reading White Paper: Login Service Security