On crypto conferences

View of the UCSB campus in Santa Barbara, CA, where CRYPTO is held since 1981 Created in 1981, CRYPTO has historically been the most important and most relevant crypto conference. But CRYPTO has also always been aimed at cryptographers whose job is to publish research papers, rather than cryptographers whose job is to actually secure … Continue reading On crypto conferences

Checking your Android device for known malware

Check All APK's is a set of two scripts that leverage Drozer and the VirusTotal API to check whether a phone is running applications known to be malware. This is practical during security breaches, when an analyst has to identify malicious applications among hundreds of legitimate ones.

Student Focus – WhatsApp Security

This is a guest post by Aleksandr Mylnikov, who did his semester project under JP Aumasson during his master's at EPFL, co-supervised by Prof. Arjen Lenstra. This post summarizes part of his work, thanks Alex! This part-time research project started in February 2017 and finished middle of June 2017. The goal was to understand WhatsApp's network architecture … Continue reading Student Focus – WhatsApp Security

Crypto challenge, 10 Ether of prizes

Kudelski Security is launching a new crypto challenge for Black Hat. It starts today and ends on July 25th at our private party in Las Vegas. The challenge and instructions are available at https://github.com/kudelskisecurity/cryptochallenge17. In short, here's how it works: We give you the code of a service running on some remote host. As you'll find out, … Continue reading Crypto challenge, 10 Ether of prizes

Meet Us in Vegas

For the yearly migration to the insanity of Vegas infosec and hacking conferences, we're coming with some new research that we'll present at all the three sacred sites: Black Hat, then BSides, and finally at Defcon's Crypto Village. Automated Testing of Crypto Software Using Differential Fuzzing is a joint work with Yolan Romailler, whose masters … Continue reading Meet Us in Vegas

NEW UPDATE: ‘Petya/NotPetya’ Ransomware Spreading Rapidly Around Europe and Globe

UPDATE 6/30: Microsoft Windows 10 Enterprise includes a feature called “Credential Guard”. This feature can prevent certain attacker tools from compromising administrative credentials using well known techniques such as a Pass the Hash attack. Having this feature enabled would have prevented NotPeya from harvesting local credentials to spread within a local network (one of the … Continue reading NEW UPDATE: ‘Petya/NotPetya’ Ransomware Spreading Rapidly Around Europe and Globe

Installing WireGuard, the Modern VPN

Co-authored by tmlxs and adr13n WireGuard is a network tunnel (VPN) for IPv4 and IPv6 that uses UDP.  Currently most of the code resides in the Linux kernel but cross platform implementations are under way. WireGuard features an authentication scheme similar to that of SSH, whereby the VPN server and each client have their own asymmetric key pair. Authorizing … Continue reading Installing WireGuard, the Modern VPN