tmlxs (@tmlxs)'s Twitter Profile
ID: 1611333590

https://tome.one 21-07-2013 20:46:08

25 Tweets

21 Followers

29 Following

Kudelski Security (@kudelskisec)

With just a little bit of money, you can perform a power analysis on a target. Learn more in Kudelski Security’s Baldanos’ latest #ResearchBlog article Power (Analysis) to the People. hubs.ly/H0lhLB_0

Kudelski Security (@kudelskisec)

Organizations still have a #password problem. In his latest post, Kudelski Security’s Nils Amiet dives into #FIDO2, specifically on the topics of #attestations, #trustmodel, and #security. Read it here. hubs.ly/H0m-N2q0

🅰🅽🆃🅾🅽🅸🅽 🅷🅸🅻🆈 (@ahcybsec)

A very interesting article from Kudelski Security. Kudelski's team of researchers describes the #FIDO2 security model and covers advanced topics at the heart of the protocol, such as attestations. #cybersecurity #trust research.kudelskisecurity.com/2020/02/12/fid…

Kudelski Security (@kudelskisec)

#DifferentialPrivacy provides a measurable way to balance privacy & data accuracy when publicly releasing aggregate data on private datasets. Kudelski Security’s Nils Amiet’s latest blog is a hands-on, applied, comparison of several popular libraries hubs.ly/H0nwj1M0

Kudelski Security (@kudelskisec)

Did you miss #PassTheSALT? That’s okay. In his latest blog post, you can view Nils’ slides and even watch a recording of his talk on replacing #passwords with #FIDO2. Click here. hubs.ly/H0shc8R0

Kudelski Security (@kudelskisec)

Today we released oramfs, a simple, flexible, Free Software ORAM implementation for Linux written in Rust hubs.ly/H0Rj2hj0 Join us on Wednesday July 7th at 4:10pm CEST when we present oramfs at #pts21 #Linux #OpenSource

Immunefi (@immunefi)

It's always a rarity when we find a really good manual on smart contract hacking. Today, we have such a manual for you! 👉 dl.acm.org/doi/fullHtml/1… - Blockchain Vulnerabilities in Practice.

Kudelski Security (@kudelskisec)

It's now possible to detect and fix security issues with Semgrep’s Autofix feature as long as the rule that matched is autofix-capable. Check out some real-world examples in Kudelski Security Nils Amiet’s latest blog post: kdlski.co/3qlraFf #semgrep #autofix #securityissues

NULLCON (@nullcon)

⚡ Tech Speaker Alert! 🧠 GPG memory #Forensics 💡 Nils & Sylvain Pelissier (Kudelski Security) will demonstrate techniques to retrieve #passphrases & #encryption keys from a memory dump 😎 Join us ➡️ bit.ly/34cBbMC #NullconBerlin2022 #Infosec

Kudelski Security (@kudelskisec)

Based on their presentation at SSTIC, Kudelski Security’s Sylvain Pelissier and Nils Amiet’s latest blog post covers GPG and whether it resists memory forensics. Read more: kdlski.co/3Oh3eMb

Kudelski Security (@kudelskisec)

The Kudelski Security Research Team discovered a novel attack on ECDSA that they call Polynonce and applied it to datasets like Bitcoin and Ethereum networks. Are private jets in their future? Details and open-source tools to test the attack here: kdlski.co/3kIc7p2

Kudelski Security (@kudelskisec)

AI coding assistants: development utopia or buggy nightmare? As Nathan Hamiel’s paper shows, it all depends on understanding the risks and mitigating them. Click the link and read on: kdlski.co/3F3Bus1 #risks #ChatGPT #Copilot

Nathan Hamiel (@nathanhamiel)

Today I’m happy to announce a new paper Addressing Risks from AI Coding Assistants. A realistic look at tools like #GitHub #Copilot and #ChatGPT for development tasks, outlining the risks and providing mitigation advice for security and development teams. resources.kudelskisecurity.com/en/kudelski-se…

Sylvain Pelissier (@pelissier_s)

Last week during ph0wn we gave a workshop about Security Keys with tmlxs. Here are the slides: cybermashup.files.wordpress.com/2023/11/yubike…

Nathan Hamiel (@nathanhamiel)

Introducing Fuzzomatic. A Python based fuzzer for Rust that uses AI assistance, allowing for completely from scratch fuzzing. Fuzzomatic has a few tricks up its sleeve, too. It can perform fixes and parse various artifacts to generate fuzz targets. research.kudelskisecurity.com/2023/12/07/int…

Kudelski Security (@kudelskisec)

Kudelski Security's tmlxs releases the code behind his latest project, Fuzzomatic — an automated fuzz target generator and bug finder meticulously crafted for Rust projects, written in Python! kdlski.co/3RcdKHz #Fuzzing #Python #Rust #AI

Clint Gibler (@clintgibler)

🦀 Using AI to Automatically Fuzz Rust Projects from Scratch New tool, Fuzzomatic, can automatically generate fuzz targets for Rust Language projects → Found at least one bug in 14 projects (38%) Code: github.com/kudelskisecuri… By Kudelski Security research.kudelskisecurity.com/2023/12/07/int…

Abhishek Arya (@infernosec)

Glad to see our AI-powered fuzzing work inspire the research community to try this on Rust targets successfully ($3, 14 bugs, 34 fuzzers in 37 projects). Wait on some of our new results on Gemini! research.kudelskisecurity.com/2023/12/07/int…

Nathan Hamiel (@nathanhamiel)

Here is our detailed write-up of the CodeRabbit vulnerability, one of the vulnerabilities tmlxs and I highlighted in our @blackhatevents USA presentation. This is the one where we had access to a million repositories. We show how to go from PR to RCE. A patient attacker could

Kudelski Security (@kudelskisec)

In this cautionary tale of averting a large-scale supply chain attack, a follow-up to Kudelski Security researchers tmlxs and Nathan Hamiel’s Black Hat USA presentation, we detail our RCE on CodeRabbit’s production servers and write access to 1m repos. kdlski.co/4oIvuKs
