Thought leaders in information security, we conduct radical, world-changing research and deliver renowned presentations around the world.
Blogs | INSIGHTS | November 8, 2011

Automating Social Engineering: Part Two

  As with any other type of penetration test, we need to gather information. The only difference here is that instead of looking for operating system types, software versions, and vulnerabilities, we’re searching for information about the company, their employees, their social networking presence, et cetera. Given that we’re performing an assessment from a corporate perspective, there are some limitations with regard to privacy and employees’ private life, but the truth is that real attackers won’t abide by such limitations. So, you should assume that any…

Matias Brutti
Blogs | INSIGHTS | November 1, 2011

Automating Social Engineering: Part One

since the original conceptualization of computer security, and perhaps even before, social engineering has been in existence. One could say that social engineering began when societies began, whether it was realized or not. It is now time to give some of this work to scripts and applications to make it a little more interesting… As the years passed in the computer security community, network penetration became more and more necessary, but computers were not the only thing getting compromised. Social engineering was part of the hacker subculture, but it was…

Matias Brutti
Blogs | INSIGHTS | October 3, 2011

Windows Vulnerability Paradox

For those who read just the first few lines, this is not a critical vulnerability. It is low impact but interesting, so keep reading.   This post describes the Windows vulnerability I showed during my Black Hat USA 2011 workshop “Easy and Quick Vulnerability Hunting in Windows”.   The Windows security update for Visual C++ 2005 SP1 Redistributable Package (MS11-025) is a security patch for a binary planting vulnerability. This kind of vulnerability occurs when someone opens or executes a file and this file (or the application used to…

Cesar Cerrudo
Blogs | INSIGHTS |

Easy and Quick Vulnerability Hunting in Windows

I’m glad to start this new blog for IOA Labs by publishing the video demonstrations and updated slides of my Black Hat USA 2011 workshop. I hope you like it, please send me your feedback, questions, etc. We will continue posting cool materials from our researchers very soon, keep tuned!

Cesar Cerrudo
Blogs | INSIGHTS | March 20, 2011

Blackhat TPM Talk Follow-up

Since speaking at BlackHat DC 2009, there have been several inquiries in regards to the security of the SLE66PE series smartcard family. Here are some issues that should be pointed out: We have heard, “ took 6 months to succeed..” The reality is it took 4 months to tackle obsticles found in any <200nm device such as: Capitance/load of probe needles when chip is running.   Powering the device inside the chamber of a FIB workstation.   Level-shifting a 1.8v core voltage following what we learned in #1 above.   Cutting out metal…

Cesar Cerrudo
Blogs | INSIGHTS | August 9, 2010

Atmel ATMEGA2560 Analysis (Blackhat follow-up)

At this years Blackhat USA briefings, the ATMEGA2560 was shown as an example of an unsecure vs. secure device.  We have received a few requests for more information on this research so here it goes… The device did not even need to be stripped down because of designer lazyness back at Atmel HQ.  All we did was look for the metal plates we detailed back in our ATMEGA88 teardown last year and quickly deduced which outputs were the proper outputs in under 20 minutes. Atmel likes to…

Cesar Cerrudo
Blogs | INSIGHTS | August 7, 2010

Parallax Propeller P8X32A Quick Teardown

Parallax has a really neat 8 core 32 bit CPU called the ‘Propeller’.  It’s been out for a few years but it is gaining popularity.  There is no security with the device as it boots insecurely via a UART or I2C EEPROM.  None the less, we thought it was interesting to see an 8 core CPU decapsulated! One can clearly see 8 columns that appear almost symmetric (except in the middle region).  The upper 8 squares are each ‘cogs’ 512 * 32 SRAMs as described in the…

Cesar Cerrudo
Blogs | INSIGHTS | August 6, 2010

Echostar v NDS appellate court ruling update

Normally, I would not mix non-technical with the blog however I thought this deserved a little more attention that it has received. The ruling which states that NDS has won the lawsuit, vindicates myself and puts Echostar owing NDS almost 18,000,000.00 USD has come down as of 2 days ago. As well I thought it nice to mention that neither Flylogic nor myself works for/or with Echostar, Nagra, NDS or any other conditional access company in any way or form. I wish all persons whom this lawsuit  effects the best…

Christopher Tarnovsky
Blogs | INSIGHTS | February 14, 2010

Infineon / ST Mesh Comparison

Given all the recent exposure from our Infineon research, we have had numerous requests regarding the ST mesh architecture and how Infineon’s design compares to the ST implementation. Both devices are a 4 metal ~140 nanometer process.  Rather than have us tell you who we think is stronger (it’s pretty obvious), we’d like to see your comments on what you the readers think! The Infineon mesh consists of 5 zones with 4 circuits per zone.  This means the surface of the die is being covered by 20 different electrical circuits. The ST mesh…

Blogs | INSIGHTS | February 12, 2010

We are now on Twitter too!

We probably should have been tweeting (sic?) for some time now but we are finally doing it! You can join/follow us here: As well, you can always get to Flylogic through or :).

Arm IDA and Cross Check: Reversing the 787’s Core Network

IOActive has documented detailed attack paths and component vulnerabilities to describe the first plausible, detailed public attack paths to effectively reach the avionics network on a 787, commercial airplane from either non-critical domains, such as Passenger Information and Entertainment Services, or even external networks.