Trivial Vulnerabilities, Big Risks
IOActive case study detailing the trivial vulnerabilities with big risks for the users of the Brazilian National Justice Council Processo Judicial Eletrônico (CNJ PJe) judicial data processing system.
IOActive Corporate Overview
Research-fueled Security Assessments and Advisory Services IOActive has been at the forefront of cybersecurity and testing services since 1998. Backed by our award-winning research, our services have been trusted globally by enterprises and product manufacturers across a wide variety of industries and in the most complex of environments. Tailored to meet each unique organization’s requirements, IOActive services offer deep expertise and insight from an attacker’s perspective.
IOActive Red and Purple Team Service
Building Operational Resiliency Through Real-world Threat Emulation. Who better to evaluate security effectiveness – compliance auditors or attackers? Vulnerability assessments and penetration tests are critical components of any effective security program, but the only real way to test your operational resiliency is from an attacker’s perspective. Our red and purple teams bring you this insight through full threat emulation, comprehensively simulating a full range of specific attacks against your organization – cyber, social, and physical.We can provide or advise on the creation of continuous, independent, and customized real-world attacker-emulation services…
IOActive Services Overview
Security services for your business, situation, and risks. With our breadth and depth of services offerings across more environments than any other firm today, we can deliver specific, high-value recommendations based on your business, unique situation, and the risk you face. We are a pure-play security services provider, offering services across the spectrum to include: cybersecurity advisory, full-stack security assessments, SDL, red/purple team and security team development (training) services.
LoRaWAN Networks Susceptible to Hacking: Common Cyber Security Problems, How to Detect and Prevent Them
LoRaWAN is fast becoming the most popular wireless, low-power WAN protocol. It is used around the world for smart cities, industrial IoT, smart homes, etc., with millions of devices already connected. The LoRaWAN protocol is advertised as having “built-in encryption” making it “secure by default.” As a result, users are blindly trusting LoRaWAN networks and not paying attention to cyber security; however, implementation issues and weaknesses can make these networks easy to hack. Currently, cyber security vulnerabilities in LoRaWAN networks are not well known, and there are no existing tools…
Arm IDA and Cross Check: Reversing the 787’s Core Network
In 2008, the Dreamliner was presented as the world’s first e-Enabled commercial airplane. Boeing certainly introduced an impressive new set of functionalities, enabling the vast majority of the components to be highly integrated with and connected to regular systems, such as onboard maintenance, data-load, and the Crew Information System. IOActive has documented our detailed attack paths and component vulnerabilities to describe the first plausible, detailed public attack paths to effectively reach the avionics network on a commercial airplane from either non-critical domains, such as Passenger Information and Entertainment Services, or…
Smart Cities: Cybersecurity Worries
Infodocument providing a visual exploration into the growing security concerns of smart city technologies. Featuring detail to the myriad technologies, problems, threats, possible targets, as well as current examples of cities having experienced attacks.
Commonalities in Vehicle Vulnerabilities
With the connected car becoming commonplace in the market, vehicle cybersecurity continues to grow more important every year. At the forefront of security research, IOActive has amassed real-world vulnerability data illustrating the general issues and potential solutions to the cybersecurity threats today’s vehicles face.
Reverse Engineering & Bug Hunting on KMDF Drivers
Enrique Nissim’s presentation from 44CON. September 12, 2018. The focus will be on finding bugs and not on exploitation. This will highlight interesting functions and how to find them. See MSDN and references for full details on KMDF.
Last Call for SATCOM Security
Revisiting the original research by Ruben Santamarta ‘Wake Up Call for SATCOM Security‘ – this research update comprehensively details three real-world scenarios involving serious vulnerabilities that affect the aviation, maritime, and military industries. The vulnerabilities include backdoors, insecure protocols, and network misconfigurations. This white paper elaborates the approach and technical details of these vulnerabilities, which could allow remote attackers, originated from the Internet, to take control of: Airborne SATCOM equipment on in-flight commercial aircrafts Earth Stations on Vessels, including Antennas Earth Stations used by the US Military in conflict…