Meet Us in Vegas

For the yearly migration to the insanity of Vegas infosec and hacking conferences, we're coming with some new research that we'll present at all the three sacred sites: Black Hat, then BSides, and finally at Defcon's Crypto Village. Automated Testing of Crypto Software Using Differential Fuzzing is a joint work with Yolan Romailler, whose masters … Continue reading Meet Us in Vegas

Distributed Fingerprinting with Scannerl

Kudelski Security is proud to announce the open-source release of Scannerl, its distributed fingerprinting tool. Scannerl Scannerl is a modular, distributed fingerprinting engine implemented in Erlang. It is to fingerprinting what zmap is to port scanning. This tool enables easily distributed fingerprinting among a large number of hosts and circumvents limitations of scale and speed, which are the principle challenges of today’s fingerprinting … Continue reading Distributed Fingerprinting with Scannerl

The Equation Group’s post-exploitation tools (DanderSpritz and more) Part 1

Since the April 14th leak of the Equation Group’s hacking tools, I have been busy testing (and decompiling / reversing) the tools, understanding and documenting capabilities, and identifying potential indicators of compromise (IOCs). My goal is to build documentation and IOCs that we at Kudelski Security (and other organizations) could leverage to identify these tools, … Continue reading The Equation Group’s post-exploitation tools (DanderSpritz and more) Part 1

How (not) to break your (EC)DSA

During an internal project pertaining to automated cryptographic testing, we discovered that many implementations don't respect standard specifications, especially signature algorithms. Let us take a deeper look into it. We will mostly discuss the DSA and ECDSA algorithms and their respective domains and parameters. It is important to know that both of those digital signature … Continue reading How (not) to break your (EC)DSA

Hunting for Vulnerabilities in Signal – Part 3

Previous posts (part1 and part2) by Markus Vervier (@marver) and myself (@veorq) were about the Java code base and the Android client, now we'll discuss two bugs potentially affecting users of libsignal-protocol-c, the C implementation of the Signal protocol. More precisely, we identified bugs in the example callback functions used in the unit tests of … Continue reading Hunting for Vulnerabilities in Signal – Part 3

Angr management: first steps and limitations

Introduction Last summer I took some time to finally learn about Z3 as I was solving some crackme (see Using Z3 to solve crackme) but in order to stay true to my hipster reputation I had to try something cooler this year: angr. This tool has already been used numerous times during CTF but rarely with a … Continue reading Angr management: first steps and limitations

Drones – A hacker’s playground

Unmanned Aerial Vehicles (UAVs) offer new perspectives, both from a civilian and a military standpoint; yet, they present vulnerabilities having the potential to lead to disastrous consequences regarding public safety if exploited successfully, as evidenced by recent hacks. These repercussions can be prevented by implementing best practices, continuously assessing the technologies used and most importantly … Continue reading Drones – A hacker’s playground