RESOURCES

Thought leaders in information security, we conduct radical, world-changing research and deliver renowned presentations around the world.
Blogs | INSIGHTS, RESEARCH | January 14, 2025

Novel Invasive Attack on One-Time-Programmable Antifuse Memory

Antifuse-based OTP Memory Attack May Compromise Cryptographic Secrets Complementary metal-oxide semiconductor (CMOS) one-time programmable (OTP) memories based on antifuses are widely used for storing small amounts of data (such as serial numbers, keys, and factory trimming) in integrated circuits (ICs) because they are inexpensive and require no additional mask steps to fabricate. The RP2350 uses an off-the-shelf Synopsys antifuse memory block for storing secure boot keys and other sensitive configuration data. Despite antifuses being widely considered a ”high security” memory—which means they are significantly more difficult…

Blogs | INSIGHTS, RESEARCH | December 18, 2024

Understanding Logits And Their Possible Impacts On Large Language Model Output Safety

With AI technology moving forward at lightning speed, getting to grips with how language models work isn’t just for tech experts anymore—it’s becoming essential for everyone involved. As we explore AI, we come across terms and ideas that might seem complicated at first but are key to how these powerful systems behave. One such important concept is the “logit” But what exactly is a logit? In the context of large language models, a logit represents the raw, unprocessed output of a model before it’s turned into a probability. Coined by…

Ehab Hussein
Blogs | INSIGHTS | December 16, 2024

Red Teaming in 2025 & Why You Need One More Than Ever

Find out why you need a Red Team Service in 2025 and what to watch out for. New threat actors, AI attacks, and more. What’s on the horizon for 2025? The holidays are upon us, but threat actors won’t be giving any respite to the defenders tasked with protecting organizations, whether or not it is the season of good cheer. The last year has been incredibly challenging for many organizations with data breaches, global IT outages, new and dangerous vulnerability discoveries, and a persistent shortage of cybersecurity talent impacting business…

IOActive
Blogs | INSIGHTS, RESEARCH | December 3, 2024

Building Management Systems: Latent Cybersecurity Risk

Manage the Cybersecurity Risks of your BMS Building management systems (BMS) and building automation systems (BAS) are great innovations, but present latent cybersecurity and operational risks to organizations. The consequences of a cyberattack on a BMS or BAS could result in operational disruption from the denial of use of the building. Over the past decade, there have been several examples of attacks on BMS and components. Weaponization and operationalization of vulnerabilities in BMS by threat actors with tools such as ransomware is likely to occur in the next three years….

John Sheehy
Blogs | INSIGHTS | October 29, 2024

Inside IOActive’s Innovative Key Fob Badge for DEF CON 2024’s Car Hacking Village – Part 3/3

This is Part-3 of a 3-Part Series. Check out Part-1 here and Part-2 here. This is the third in a series of three posts in which I break down the creation of a unique key fob badge for the 2024 Car Hacking Village (CHV). Part 1 is an overview of the project and the major components; I recommend that you begin there. In Part 2 I discussed some of the software aspects and the reasoning behind certain decisions. Background Before I discuss…

Ivan Reedman
Blogs | INSIGHTS | October 25, 2024

Inside IOActive’s Innovative Key Fob Badge for DEF CON 2024’s Car Hacking Village – Part 2/3

This is Part-2 of a 3-Part Series. Check out Part-1 here and Part-3 here. This is the second in a series of three posts in which I break down the creation of a unique key fob badge for the 2024 Car Hacking Village (CHV). Part 1 is an overview of the project and the major components; I recommend you begin there. In this post, I’ll discuss some of the software aspects and the reasoning behind certain decisions. This blog covers several high-level…

Ivan Reedman
Blogs | INSIGHTS | October 23, 2024

Inside IOActive’s Innovative Key Fob Badge for DEF CON 2024’s Car Hacking Village – Part 1/3

This is Part-1 of a 3-Part Series. Check out Part-2 here and Part-3 here. IOActive recently sponsored the DEF CON 2024 Car Hacking Village (CHV) by designing one of the exclusive badges sold at the event. This took the form of a key fob badge that mirrors the functionality of everyday car key fobs, which support keyless entry and keyless start, also known as Passive Entry Passive Start (PEPS). This post kicks off a three-part series explaining the creation of this unique…

Ivan Reedman
Blogs | INSIGHTS, RESEARCH | October 15, 2024

Getting Your SOC SOARing Despite AI

It’s a fact: enterprise security operations centers (SOCs) that are most satisfied with their investments in Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) operate and maintain less than a dozen playbooks. This is something I’ve uncovered in recent years whilst building SIEM+SOAR and autonomous SOC solutions – and it perhaps runs counterintuitive to many security leaders’ visions for SOAR use and value. SOAR technology is one of those much-touted security silver bullets that have tarnished over time and been subsumed into broader categories of…

Gunter Ollmann
Blogs | INSIGHTS, RESEARCH | October 2, 2024

Potential Integrated Circuit Supply Chain Impacts from Hurricane Helene

The damage caused by Hurricane Helene in Spruce Pine will likely cause disruptions at the start of the microchip and integrated circuit (IC) supply chain by preventing the mining and distribution of high purity quartz until the mines and local transportation networks are fully repaired. BACKGROUND Hurricane Helene Impacts In late September 2024, Hurricane Helene impacted the Caribbean, Florida, Georgia, Tennessee, North Carolina and other southeastern states in the United States[1]. Its impacts varied widely depending on location and the associated exposure to the primary…

John Sheehy
Blogs | INSIGHTS, RESEARCH | September 4, 2024

About to Post a Job Opening? Think Again – You May Reveal Sensitive Information Primed for Cybersecurity Attacks

People are always on the move, changing their homes and their workspaces. With increasing frequency, they move from their current jobs to new positions, seeking new challenges, new people and places, to higher salaries. Time and hard work bring experience and expertise, and these two qualities are what companies look for; they’re looking for skilled workers every single day, on multiple job search and recruiting platforms. However, these job postings might reveal sensitive information about the company that even the most seasoned Human Resources specialists don’t notice. Job posting websites…

Alejandro Hernandez