Penetration Testing of the DICOM Protocol: Real-World Attacks
Exploring the DICOM protocol from both a technical and offensive perspective, detailing various attack vectors and their potential impact. Introduction to the DICOM Protocol The Digital Imaging and Communications in Medicine (DICOM) protocol is the de-facto standard for the exchange, storage, retrieval, and transmission of medical imaging information. It is widely adopted across healthcare systems for integrating medical imaging devices, such as scanners, servers, workstations, and printers, from multiple manufacturers. DICOM supports interoperability through a comprehensive set of rules and services, including data formatting, message exchange, and workflow management. DICOM…
Red vs Purple Team, what’s the difference?
Learn the key differences between Red and Purple Teams. Explore their unique roles, strategies, and how they collaborate to strengthen an organization’s defenses against cyber threats. As cyber threats continue to escalate in complexity and scale, researchers and threat intelligence analysts have become experts in the tactics, techniques, and procedures (TTPs) employed by today’s cybercriminals. To effectively combat them, they have also learned to think like them. Purely defensive security measures are no longer adequate in building solid defenses for blocking modern-day threats. Instead, we must combine research, a thorough…
Pen Test Like a Red Teamer – Beyond the Checklist
Penetration tests (“pen tests”) are a key element of every organization’s security process. They provide insights into the security posture of applications, environments, and critical resources. Such testing often follows a well-known process: enumerate the scope, run automated scans, check for common vulnerabilities within the CWE Top 25 or OWASP Top 10, and deliver a templated report. Even though this “checklist” approach can uncover issues, it can lack the depth and creativity needed to emulate a genuine…
Understanding the Potential Risks of Prompt Injection in GenAI
GenAI tools are powerful and exciting. However, they also present new security vulnerabilities for which every business should prepare. Generative AI (GenAI) chatbot tools, such as OpenAI’s ChatGPT, Google’s Bard, and Microsoft’s Bing AI, have dramatically affected how people work. These tools have been swiftly adopted in nearly every industry, from retail to aviation to finance, for tasks that include writing, planning, coding, researching, training, and marketing. Today, 57% of American workers have tried ChatGPT, and 16% use it regularly. The motivation is obvious: It’s easy…
Preparing for Downstream Attacks on AI Systems
The tech industry must manage AI security threats with the same eagerness it has for adopting the new technologies. New Technologies Bring Old and New Risks AI technologies are new and exciting, making new use cases possible. But despite the enthusiasm with which organizations are adopting AI, the supply chain and build pipeline for AI infrastructure are not yet sufficiently secure. Business, IT, and cybersecurity leaders have considerable work to do to identify the issues and resolve them, even as they help their organizations streamline adoption in a complex global…
Threat Brief: Low-level Hardware Attacks
Low-level Hardware Attacks: No Longer an Emerging Threat As organizations have improved their cybersecurity posture, motivated attackers compensate by looking for other attack vectors to continue to achieve their objectives. Efforts to improve system and device security have produced a greater availability and reliance on hardware security features, and as component and device designers continue to innovate with new security features, attackers continue to innovate and share new tools and attack techniques. Increasingly, this means that to provide solid security posture for a component, device, or system, a full-stack perspective…
Novel Invasive Attack on One-Time-Programmable Antifuse Memory
Antifuse-based OTP Memory Attack May Compromise Cryptographic Secrets Complementary metal-oxide semiconductor (CMOS) one-time programmable (OTP) memories based on antifuses are widely used for storing small amounts of data (such as serial numbers, keys, and factory trimming) in integrated circuits (ICs) because they are inexpensive and require no additional mask steps to fabricate. The RP2350 uses an off-the-shelf Synopsys antifuse memory block for storing secure boot keys and other sensitive configuration data. Despite antifuses being widely considered a ”high security” memory—which means they are significantly more difficult…
Understanding Logits And Their Possible Impacts On Large Language Model Output Safety
With AI technology moving forward at lightning speed, getting to grips with how language models work isn’t just for tech experts anymore—it’s becoming essential for everyone involved. As we explore AI, we come across terms and ideas that might seem complicated at first but are key to how these powerful systems behave. One such important concept is the “logit” But what exactly is a logit? In the context of large language models, a logit represents the raw, unprocessed output of a model before it’s turned into a probability. Coined by…
Red Teaming in 2025 & Why You Need One More Than Ever
Find out why you need a Red Team Service in 2025 and what to watch out for. New threat actors, AI attacks, and more. What’s on the horizon for 2025? The holidays are upon us, but threat actors won’t be giving any respite to the defenders tasked with protecting organizations, whether or not it is the season of good cheer. The last year has been incredibly challenging for many organizations with data breaches, global IT outages, new and dangerous vulnerability discoveries, and a persistent shortage of cybersecurity talent impacting business…
Building Management Systems: Latent Cybersecurity Risk
Manage the Cybersecurity Risks of your BMS Building management systems (BMS) and building automation systems (BAS) are great innovations, but present latent cybersecurity and operational risks to organizations. The consequences of a cyberattack on a BMS or BAS could result in operational disruption from the denial of use of the building. Over the past decade, there have been several examples of attacks on BMS and components. Weaponization and operationalization of vulnerabilities in BMS by threat actors with tools such as ransomware is likely to occur in the next three years….