Loading...

Tag trends are in beta. Feedback? Thoughts? Email me at [email protected]

eBPF Verifier Code Review – NCC Group [pdf]

Rustproofing Linux (Part 1/4 Leaking Addresses) (2023)

Tool Release: Cartographer

State of DNS Rebinding in 2023

A Race to Report a TOCTOU: Analysis of a Bug Collision in Intel SMM

Rustproofing Linux (Part 1/4 Leaking Addresses)

NCC Group security audit for Google's One VPN service

A jq255 Elliptic Curve Specification, and a Retrospective

SETTLERS OF NETLINK: Exploiting a limited UAF in nf_tables (CVE-2022-32250)

Writing FreeBSD Kernel Modules in Rust

Bluetooth relay attacks allow Tesla Model 3 / Y to be unlocked and driven away

Real-world stories of how we’ve compromised CI/CD pipelines

NCC Group’s Cryptopals Guided Tour

A Tour of Curve25519 in Erlang

Encryption Does Not Equal Invisibility – Detecting Anomalous TLS Certificates with the Half-Space-Trees Algorithm

An Illustrated Guide to Elliptic Curve Cryptography Validation

WhatsApp End-to-End Encrypted Backups Audit

Technical Advisory – Apple XAR – Arbitrary File Write (CVE-2021-30833)

The Challenges of Fuzzing 5G Protocols

Cracking Random Number Generators using Machine Learning – Part 2: Mersenne Twister

Cracking Random Number Generators Using Machine Learning

CVE-2021-31956 Exploiting the Windows Kernel (NTFS with WNF) – Part 1

Software Verification and Analysis Using Z3

Decrypting OpenSSH sessions for fun and profit

There’s a Hole in Your SoC: Glitching the MediaTek BootROM

Shell Arithmetic Expansion and Evaluation Abuse

CVE-2019-1381 and CVE-2020-0859 – How Misleading Documentation Led to a Broken Patch for a Windows Arbitrary File Disclosure Vulnerability

Improving Software Security through C Language Standards

On Linux's Random Number Generation

Analysis of the Linux backdoor used in freenode IRC network compromise

More →