Cybersecurity research articles

Research TIPS WORLD ВРАЗЛИВОСТІ

Karonte – A Static Analysis Tool To Detect Multi-Binary Vulnerabilities In Embedded Firmware

Karonte is a static analysis tool to detect multi-binary vulnerabilities in embedded firmware. Research paperWe present our approach and the findings of this work in the following research paper:KARONTE: Detecting Insecure Multi-binary Interactions in Embedded Firmware [PDF]Nilo Redini, Aravind Machiry, Ruoyu Wang, Chad Spensky, Andrea Continella, Yan Shoshitaishvili, Christopher Kruegel, Giovanni Vigna. To appear in […]

Research TIPS WORLD

CyberRange – The Open-Source AWS Cyber Range

This CyberRange project represents the first open-source Cyber Range blueprint in the world.This project provides a bootstrap framework for a complete offensive, defensive, reverse engineering, & security intelligence tooling in a private research lab using the AWS Cloud.This project contains vulnerable systems and a toolkit of the most powerful open-source / community edition tools known […]

Linux Research TIPS WORLD

IoT-Implant-Toolkit – Toolkit For Implant Attack Of IoT Devices

IoT-Implant-Toolkit is a framework of useful tools for malware implantation research of IoT devices. It is a toolkit consisted of essential software tools on firmware modification, serial port debugging, software analysis and stable spy clients. With an easy-to-use and extensible shell-like environment, IoT-Implant-Toolkit is a one-stop-shop toolkit simplifies complex procedure of IoT malware implantation.In our […]

Research TIPS WORLD

ACT Platform – Open Platform For Collection And Exchange Of Threat Intelligence Information

Semi-Automated Cyber Threat Intelligence (ACT) is a research project led by mnemonic as with contributions from the University of Oslo, NTNU, Norwegian Security Authority (NSM), KraftCERT and Nordic Financial CERT.The main objective of the ACT project is to develop a platform for cyber threat intelligence to uncover cyber attacks, cyber espionage and sabotage. The project […]

Research TIPS WORLD

IPRotate – Extension For Burp Suite Which Uses AWS API Gateway To Rotate Your IP On Every Request

Extension for Burp Suite which uses AWS API Gateway to change your IP on every request.More info: https://rhinosecuritylabs.com/aws/bypassing-ip-based-blocking-aws/ DescriptionThis extension allows you to easily spin up API Gateways across multiple regions. All the Burp Suite traffic for the targeted host is then routed through the API Gateway endpoints which causes the IP to be different […]

Research TIPS WORLD

Airflowscan – Checklist And Tools For Increasing Security Of Apache Airflow

Checklist and tools for increasing security of Apache Airflow. DISCLAIMERThis project NOT AFFILIATED with the Apache Foundation and the Airflow project, and is not endorsed by them.ContentsThe purpose of this project is provide tools to increase security of Apache Airflow. installations. This projects provides the following tools: Configuration file with hardened settings – see hardened_airflow.cfg. […]

Research TIPS WORLD

Recsech – Tool For Doing Footprinting And Reconnaissance On The Target Web

Recsech is a tool for doing Footprinting and Reconnaissance on the target web. Recsech collects information such as DNS Information, Sub Domains, HoneySpot Detected, Subdomain takeovers, Reconnaissance On Github and much more you can see in Features in tools . Features in tools Name Release Release Date Auto request with Proxy yes 01/05/19 Find Email […]

Research VULNERABILITIES Weekly news WORLD

Vulnerability Spotlight: Multiple vulnerabilities in Sierra Wireless AirLink ES450

Threat Research Carl Hurd and Jared Rittle of Cisco Talos discovered these vulnerabilities. Several exploitable vulnerabilities exist in the Sierra Wireless AirLink ES450, an LTE gateway designed for distributed enterprise, such as retail point-of-sale or industrial control systems. These flaws present a number of attack vectors for a malicious actor, and could allow them to […]

CVE Hot news Research REVIEWS Weekly news WORLD

Operation ShadowHammer: a high-profile supply chain attack

In late March 2019, we briefly highlighted our research on ShadowHammer attacks, a sophisticated supply chain attack involving ASUS Live Update Utility, which was featured in a Kim Zetter article on Motherboard. The topic was also one of the research announcements made at the SAS conference, which took place in Singapore on April 9-10, 2019. […]

Research Social netwotrks VULNERABILITIES WORLD

Is Your Baby Monitor Susceptible to Hacking?

There’s no doubt that digital technology, in many of its forms, brings everyday tasks much closer-to-hand. From discovering breaking news, to online shopping, to keeping tabs on your home via security cameras—everything is within the touch of a button. Even so, with the growing reach of the Internet of Things (IoT), new and unsuspected threats […]