UEFI is the new BIOS
Learn about UEFI reverse engineering and exploit development so that you too can build the skills necessary to find and exploit UEFI bugs, understand common UEFI vulnerabilities, and better secure the firmware security supply chain.
The Unexpected Benefits of Threat Modeling
Threat modeling is a disciplined approach to technology design that identifies security threats and design constraints to prevent security flaws before they manifest in your platform.
Bypassing SSRF Filters Using r3dir
We demonstrate how to use the r3dir tool to bypass some SSRF filters. r3dir is a convenient redirection service made for SSRF filter bypasses.
CVE-2024-31735: LibEvent Library Memory Leak
A memory leak in the LibEvent Library v2.1.12-stable allows an attacker to cause a denial of service (DoS).
Vulnerability Research and the Importance of Supporting Young Talent
This is a story with a happy ending where we were able to get back to the collaboration from the early open disclosure days, utilize modern practices to ensure responsible handling of the information, and allow a young person to make a positive contribution to infosec.
TunnelVision (CVE-2024-3661): How Attackers Can Decloak Routing-Based VPNs For a Total VPN Leak
We discovered a fundamental design problem in VPNs and we're calling it TunnelVision. This problem lets someone see what you're doing online, even if you think you're safely using a VPN.