

You are here

blog.trailofbits.com
www.trailofbits.com
5.5 parsecs away

[AI summary] The text discusses various cryptographic constructions and their vulnerabilities. It highlights the importance of using established cryptographic primitives like HMAC, KMAC, and modern password-based key derivation functions (PBKDFs) instead of ad-hoc solutions. Key points include the risks of ambiguous encoding in MAC and hash functions, length-extension attacks, and the need for memory-hard KDFs to resist brute-force attacks. The text also touches on the broader implications of cryptographic design, emphasizing the necessity of rigorous standards and avoiding simplistic approaches that can lead to significant security weaknesses.

xvnpw.github.io
5.0 parsecs away

A practical exploration of how well reasoning LLMs identify vulnerabilities in real-world code, comparing results across models and against a traditional SAST tool (Semgrep).

blog.thalium.re
7.6 parsecs away

[AI summary] The blog post discusses the author's experience in vulnerability research and exploitation targeting Steam and its related products, including Steam Link and Remote Play. It covers various vulnerabilities such as format string vulnerabilities, request forgery, heap overflows, and a remote code execution (RCE) exploit. The author also details their interactions with HackerOne and Valve, highlighting the challenges in getting timely responses and the eventual resolution of the reported issues.

fieldeffect.com
17.3 parsecs away

Learn more about cybersecurity frameworks, including three key reasons why compliance is important, and several key cybersecurity frameworks to know about.