Memory corruption in JCRE: An unpatchable HSM may swallow your private key hardenedvault.net/blog/2023-04-1… #hsm #javacard #wallet

Weak Sesstion Ticket Encryption Keys strike again: upb-syssec.github.io/blog/2023/sess…

Anybody already in Heidelberg TROOPERS Conference on sunday evening and up to a little meetup? :)

Extremely proud to announce some of the research I/we have been conducting over the last few months at the Hardware Security Research lab at Technology Innovation Institute. This is my first vulnerability and public CVE (CVE-2023-35818). Security advisory by the manufacturer: espressif.com/sites/default/…

Massively under-reported science story because there's so much going on right now but...it turns out that we might have figured out what's causing this very scary spike. Quick thread, on how WE'VE BEEN ACCIDENTALLY GEOENGINEERING FOR DECADES...but then we stopped:

I've just released a new version of MifareClassicTool 🎉 Also, we just reached 4000+ stars on Github. 🌟 Wasn't really fun to program, but necessary. Lot's of compatibility fixes and you can now change the language and theme. Have a great 2024!

Nice Introduction to embedded systems security and TrustZone Credits Dimitrios Slamaris embeddedsecurity.io #trustzone #cybersecurity

Reverse engineering of AES protected USB flash drives Excellent research Matthias Deeg blog.syss.com/posts/hacking-… blog.syss.com/posts/hacking-… #hardware #infosec #aes

ARM Exploitation - Defeating DEP - executing mprotect() : blog.3or.de/arm-exploitati… ARM Exploitation - Defeating DEP - execute system() : blog.3or.de/arm-exploitati… ARM Exploitation - Setup and Tools : blog.3or.de/arm-exploitati… ARM Exploitation: Return oriented Programming (Building

Embedded Systems Security and TrustZone : embeddedsecurity.io credits Dimitrios Slamaris

Excellent introduction guide to ARM TrustZone and embedded systems security by Dimitrios Slamaris embeddedsecurity.io #trustzone #infosec

New Blog post: Understanding Primary Refresh Tokens and CVE-2021-33779: How "Pass-the-PRT" was eliminated blog.3or.de/understanding-…

PHP just fixed one of my RCE vulnerabilities, which affects XAMPP by default. Check to see if you are affected and update now! 🔥 blog.orange.tw/2024/06/cve-20…

if you're interested in securing embedded applications, this introduction to ARM Trustzone by Dimitrios Slamaris is insanely good: embeddedsecurity.io/sec-tz-basics

Low Level Dimitrios Slamaris that was such a good read, super well explained. will need to have a look at the other chapters, too thanks for sharing!

The award-winning Qualys Threat Research Unit (TRU) has discovered a critical vulnerability in OpenSSH, designated CVE-2024-6387 and aptly named "regreSSHion." This Remote Code Execution bug grants full root access, posing a significant exploitation risk. blog.qualys.com/vulnerabilitie…