Credit: Michal Nowakowski Update May 16th, 2022, 1800h UTC (2PM EDT) Microsoft and the U.S CyberSecurity & Infrastructure Security Agency (CISA) recommend that organizations avoid
Practical bruteforce of AES-1024 military grade encryption
I recently presented work on the analysis of a file encryption solution that claimed to implement “AES-1024 military grade encryption“. Spoiler alert: I did not
BIG-IP iControl REST API Authentication Bypass
Credit: Yann Lehmann Update May 18th, 2022, 1800h UTC (2PM EDT) According to a recent report from the U.S. Cybersecurity and Infrastructure Security Agency (CISA)
Implementing a ZK-focused authenticated-encryption scheme
In the last few years, several practitioners have proposed zk-focused cryptographic constructions such as hashing and encryption primitives that operate on binary and prime fields
“INCONTROLLER” / “PIPEDREAM” ICS Toolkit Targeting Energy Sector
This advisory was written by Travis Holland and Eric Dodge of the Kudelski Security Threat Detection & Research Team Summary Incontroller/Pipedream is a collection of
Spring4Shell – A Deep Understanding (CVE-2022–22965)
(this blog-post was initially published by our colleague Mouad Kondah on Medium) On March 29, 2022, a critical Remote Code Execution vulnerability CVE-2022-22965 was disclosed
Kudelski Security Research 