RESOURCES

Thought leaders in information security, we conduct radical, world-changing research and deliver renowned presentations around the world.
Blogs | INSIGHTS | November 6, 2014

ELF Parsing Bugs by Example with Melkor Fuzzer

Too often the development community continues to blindly trust the metadata in Executable and Linking Format (ELF) files. In this paper, Alejandro Hernández walks you through the testing process for seven applications and reveals the bugs that he found. He performed the tests using Melkor, a file format fuzzer he wrote specifically for ELF files.   Introduction The ELF file format, like any other file format, is an array of bits and bytes interconnected through data structures. When interpreted by an ELF parser, an ELF file makes sense, depending upon…

Alejandro Hernandez
| | May 25, 2012

Prevent Spam

Hello, to prevent the Blog from SPAM we installed a Captcha system for comments. We had to filter lots of comments a day and this takes time to read and sort. I hope that we can approve faster comments or questions for you. Thank you for your attention….your Blog Ghost

Blogs | INSIGHTS | May 24, 2012

QR Fuzzing Fun

QR codes [1] have become quite popular due to their fast readability and large storage capacity to send information. It is very easy to find QR codes anywhere these days with encoded information such as a URL, phone number, vCard information, etc. There exist tons of apps on smartphones that are able to read / scan QR codes.     The table below shows some of the most common apps and libraries for the major mobile platforms – keep in mind that there are many more apps than listed here….

IOActive

Thoughts on Supply Chain Integrity

In this video presentation, John Sheehy, VP, Sales and Strategy at IOActive, shares his comprehensive view on the myriad considerations facing business as they undertake supply chain integrity assessments, focused on securing operations.

Access the presentation