I’ve been reviewing the source code of a number of blockchain thingies, both for paid audits and for fun on my spare time, and I
Meltdown & Spectre Attacks on CPU Flaws
Summary On January 3rd 2018, several hardware flaws affecting modern processors were publicly disclosed by security researchers. These flaws are exploitable by attacks nicknamed “Meltdown”
Algorithms can’t be patched
Heartbleed was a disaster, but at least the software could be patched to eliminate the vulnerability. Most of the time, like with Heartbleed, vulnerabilities in crypto
Scannerl ICS modules open-source
Scannerl is our de facto tool to perform large-scale fingerprinting campaigns. It was recently open-sourced on github and is freely available here. We are releasing
Fingerprinting MySQL with scannerl
This blog post is a walk-through on the implementation of a fingerprinting module for scannerl to identify the version of MySQL running on remote servers.
Our submission to NIST’s post-quantum project: Gravity-SPHINCS
In posts of September 25 and 28 we described several optimizations to SPHINCS, a signature algorithm that only relies on hash functions’ security, as opposed to RSA
