The Bad Guys Win – Analysis of 10,000 Magecart Vulnerabilities
Magecart is the common name for an attack in which hackers compromise 3rd party Javascript code to steal information from
Read moreMonth: January 2022
AIModel-Mutator: Finding Vulnerabilities in TensorFlow
Like other software, machine learning frameworks could contain vulnerabilities. Various advanced machine learning frameworks, such as Tensorflow, Pytorch, PaddlePaddle, etc.
Read moreHTTP/2: The Sequel is Always Worse
HTTP/2 is easily mistaken for a transport-layer protocol that can be swapped in with zero security implications for the website
Read moreZen and the Art of Adversarial Machine Learning
Machine learning has so far been relatively unchecked on its way to world domination. As the high pace of ML
Read moreVulnerability Intelligence
Attend a talk to learn tips to navigate the jungle of the vulnerabilities scene. Most likely the oldest task of
Read moreWindows Defender – Demystifying and Bypassing ASR by Understanding the AV’s Signatures
Windows Defender is the Windows’ built-in antivirus software, giving it a place in most information systems. But still, its signature
Read moreReCertifying Active Directory Certificate Services
Microsoft’s Active Directory Public Key Infrastructure (PKI) implementation, known as Active Directory Certificate Services (AD CS), has unfortunately flown under
Read moreFrom Coordinated Disclosure to Cooperative Vulnerability When Dealing w/ Critical Software Stacks
When it comes to critical software stacks (like embedded network libraries or real-time OSs), is it time to change the
Read moreTeamTNT: Explosive Cryptomining
Since the introduction of Amazon Web Services (AWS) there has been a steady migration from on-premise to cloud deployments. Misconfigured
Read moreGreetings from the ’90s: Exploiting the Design of Industrial Controllers in Modern Settings
…In this talk we will introduce a novel exploitation vector, one previously unconsidered in existing works. More specifically, we will
Read more