It is commonly believed that simply making passwords longer makes them more secure. In reality, security hinges on entropy — the true measure of unpredictability. This article compares random‐chara...
Voltage Glitching with the Pico Glitcher and Findus
Fault injection attacks against microcontrollers can be very rewarding for attackers, if they are successful. In this article, a new hardware device for performing voltage glitching attacks, the Pi...
Hacking a Secure Industrial Remote Access Gateway
In this blog post, we describe the security analysis and the found vulnerabilities in the industrial remote access solution Ewon Cosy+.
Firmware Security: Alcatel-Lucent ALE-DeskPhone
This blog post is about an analysis of firmware security in a VoIP deskphone. This analysis ties in with our previous research and the demonstrated exploitation of zero touch deployments (see Zero ...
Introducing M.A.T
In today’s increasingly interconnected data landscape, access to external data sources is crucial for the business processes of many companies. Microsoft SQL Server, in addition to local instances,...
Introducing AzurEnum
As time goes on, organizations keep moving more and more IT assets into the cloud. More importantly, the Azure cloud plays a paramount role in the IT structure of most companies due to its merging ...
Zero Touch Pwn: Abusing Zoom's Zero Touch Provisioning for Remote Attacks on Desk Phones
In this blog post, we describe several vulnerabilities that were discovered during a security analysis of AudioCodes desk phones and Zoom’s Zero Touch Provisioning. We also discuss and demonstrate...
NetSupport RAT distributed via fake invoices
NetSupport Manager is a legitimate remote control software that is developed by a UK-based company. However, as uncovered in this analysis, the software is used in a currently active phishing campa...
The Blind Spots of BloodHound
Let’s get one thing straight: This article is not at all a dig on BloodHound.
Abusing Microsoft Teams Direct Routing
In this blog post, a practical problem and security issue when it comes to phone integration with Microsoft Teams Direct Routing is described.