Explore >> Select a destination
|
You are here 
|
team-atlanta.github.io | ||
| | | | |
www.trailofbits.com
|
|
| | | | | [AI summary] The text discusses various cryptographic constructions and their vulnerabilities. It highlights the importance of using established cryptographic primitives like HMAC, KMAC, and modern password-based key derivation functions (PBKDFs) instead of ad-hoc solutions. Key points include the risks of ambiguous encoding in MAC and hash functions, length-extension attacks, and the need for memory-hard KDFs to resist brute-force attacks. The text also touches on the broader implications of cryptographic design, emphasizing the necessity of rigorous standards and avoiding simplistic approaches that can lead to significant security weaknesses. | |
| | | | |
blog.thalium.re
|
|
| | | | | [AI summary] The blog post discusses the author's experience in vulnerability research and exploitation targeting Steam and its related products, including Steam Link and Remote Play. It covers various vulnerabilities such as format string vulnerabilities, request forgery, heap overflows, and a remote code execution (RCE) exploit. The author also details their interactions with HackerOne and Valve, highlighting the challenges in getting timely responses and the eventual resolution of the reported issues. | |
| | | | |
blog.quarkslab.com
|
|
| | | | | Following our presentation at Black Hat USA, in this blog post we provide some details on CVE-2022-20233, the latest vulnerability we found on Titan M, and how we exploited it to obtain code execution on the chip. | |
| | | | |
blog.bushidotoken.net
|
|
| | | CTI, threat intelligence, OSINT, malware, APT, threat hunting, threat analysis, CTF, cybersecurity, security | ||
