Characterizing the Raspberry Pico 2 FI countermeasures – Part 1
Let’s start by saying that the Pico 2 – or more specifically, the RP2350 MCU – is an impressive chip. It’s powerful, packed with peripherals and features (I love the PIO!), easy to use and develop with, and from a security standpoint, exceptionally well designed. After more than 10 years in chip security evaluations, I can confidently say that the RP2350 might be one of the most secure general-purpose, off-the-shelf MCUs on the market. I’ve evaluated enough chips to recognize when a system-on-chip (SoC) was designed with security in mind…
Windows 11 Upgrade – The Hardware Security Focused Refresh
Windows 10’s End of Life (EoL) is slated for October 14th, 2025. After this date, it will no longer be supported, and businesses are expected to upgrade to Windows 11; however, this upgrade is entirely unlike previous Windows upgrades in that strict hardware requirements are needed to support Windows 11. The transition from Windows 10 to Windows 11 represents a major inflection point for enterprise IT and SecOps, the hardware requirements are there to help with overall cybersecurity, as Windows moves from a primarily software security model to a best-of-both-worlds…
Accelerating Threat Assessment in Vehicle ECUs
A global automaker required a thorough, but time-constrained, threat assessment and remediation plan for its critical Gateway Electronic Control Unit (ECU). The assessment needed to cover not only the main ECU but also its networked interaction with all of the vehicle’s numerous ECUs. Having attempted to perform the assessment on its own, the manufacturer found its initial results lacked sufficient technical depth and were taking too long to report, threatening other key project timelines. They turned to IOActive to not only improve but also to accelerate the assessment process for…
Smarter Security, Leaner Budgets: IOActive & SERJON’s Approach to Cyber Optimization
Guest blog by Urban Jonson, SERJONwith John Sheehy and Kevin Harnett During my recent presentation at ESCAR USA, I shared findings from my latest research on the automotive industry’s adoption of Threat Analysis and Risk Assessment (TARA) processes to develop cybersecurity artifacts that align with regulatory requirements. The automotive TARA is a systematic process used to identify potential cybersecurity threats to vehicle systems, evaluate their likelihood and impact, and determine appropriate mitigations to reduce risk to acceptable levels. One key insight derived across numerous TARA exercises is that many organizations…
Better Safe Than Sorry: Model Context Protocol
In this blog post, we’ll delve into the world of the Model Context Protocol (MCP), an open standard designed to facilitate seamless integration between AI models and various data sources, tools, and systems. We’ll explore how its simplicity and widespread adoption have led to a proliferation of servers without basic security features, making them vulnerable to attacks. Our goal is to raise awareness about the critical need for mandatory authentication in the MCP protocol, and we believe that this should serve as a wake-up call for other standards to follow…
IOActive Autonomous and Transportation Experience and Capabilities
AUTONOMOUS AND REMOTE CONTROLLED/ACCESS TECHNOLOGY As a pioneer in the field of automotive security, in 2015 IOActive was the first company to successfully launch a remote attack on a vehicle through its telematics unit (Security Experts Hack into Moving Car and Seize Control, Remote Exploitation of an Unaltered Passenger Vehicle). For the past 5 years, IOActive has been focused on understanding Autonomous and Remote-Controlled/Access technologies and their inherent vulnerabilities and possible impacts to Functional Safety. IOActive consultants assume the posture of real-world…
Breaking Patterns: Rethinking Assumptions in Code Execution and Injection
Breaking Patterns Security solutions like Endpoint Detection and Response (EDRs) and behavioural detection engines rely heavily on identifying known patterns of suspicious activity. For example, API calls executed in a specific order, such as VirtualAllocEx, WriteProcessMemory, and CreateRemoteThread are often indicators suspicious behaviour. In this post, we’ll explore two techniques that break traditional patterns: Self-Injection – Overwriting a method in your own process memory from within a process running a .NET Framework-managed executable. Indirect DLL Path Injection – Exploiting the Windows GUI system to implant payloads in another process without…
Penetration Testing of the DICOM Protocol: Real-World Attacks
Exploring the DICOM protocol from both a technical and offensive perspective, detailing various attack vectors and their potential impact. Introduction to the DICOM Protocol The Digital Imaging and Communications in Medicine (DICOM) protocol is the de-facto standard for the exchange, storage, retrieval, and transmission of medical imaging information. It is widely adopted across healthcare systems for integrating medical imaging devices, such as scanners, servers, workstations, and printers, from multiple manufacturers. DICOM supports interoperability through a comprehensive set of rules and services, including data formatting, message exchange, and workflow management. DICOM…
Red vs Purple Team, what’s the difference?
Learn the key differences between Red and Purple Teams. Explore their unique roles, strategies, and how they collaborate to strengthen an organization’s defenses against cyber threats. As cyber threats continue to escalate in complexity and scale, researchers and threat intelligence analysts have become experts in the tactics, techniques, and procedures (TTPs) employed by today’s cybercriminals. To effectively combat them, they have also learned to think like them. Purely defensive security measures are no longer adequate in building solid defenses for blocking modern-day threats. Instead, we must combine research, a thorough…
Pen Test Like a Red Teamer – Beyond the Checklist
Penetration tests (“pen tests”) are a key element of every organization’s security process. They provide insights into the security posture of applications, environments, and critical resources. Such testing often follows a well-known process: enumerate the scope, run automated scans, check for common vulnerabilities within the CWE Top 25 or OWASP Top 10, and deliver a templated report. Even though this “checklist” approach can uncover issues, it can lack the depth and creativity needed to emulate a genuine…