RESOURCES

Thought leaders in information security, we conduct radical, world-changing research and deliver renowned presentations around the world.
Library | PRESENTATION, VIDEO | January 21, 2020

Secure Design and Secure System Architecture Webinar Series

Brook Schoenfield, author, Master Security Architect and Director of Advisory Services for IOActive, will be sharing deep insights to Secure Design, and Security Systems Architecture concerns in this four-part webinar series. Brook will cover Threat Modeling, DevOps Security, and the myriad challenges facing Secure Design implementations.

access the videos
Brook S.E. Schoenfield
Library | WHITEPAPER | August 7, 2019

Arm IDA and Cross Check: Reversing the 787’s Core Network

In 2008, the Dreamliner was presented as the world’s first e-Enabled commercial airplane. Boeing certainly introduced an impressive new set of functionalities, enabling the vast majority of the components to be highly integrated with and connected to regular systems, such as onboard maintenance, data-load, and the Crew Information System. IOActive has documented our detailed attack paths and component vulnerabilities to describe the first plausible, detailed public attack paths to effectively reach the avionics network on a commercial airplane from either non-critical domains, such as Passenger Information and Entertainment Services, or…

Launch PDF
Ruben Santamarta
Library | PRESENTATION, VIDEO | April 25, 2019

Critical Infrastructure: Hack the Smart City

Cesar Cerrudo, CTO, IOActive, provides a webinar presentation on the ever-growing risks of using technology that enables smart cities. With the advancement of information, communication, and IoT technologies, come new vulnerabilities, and opportunities for cyber attacks, resulting in disruption and denial of services.

access the video
Cesar Cerrudo
Library | PRESENTATION, VIDEO | April 16, 2019

Application Security: Security Testing Stock Trading Applications

In this two-part webinar series, Alejandro Hernandez, IOActive Senior Security Consultant, provides insight to security testing stock trading applications. Part 1 gives an overview of stock trading platforms technology and risks, and application security testing, and Part 2 provides a deeper dive into the technical aspects of the application security testing methods and discoveries.

access the videos
Alejandro Hernandez
Library | PRESENTATION, VIDEO | April 3, 2019

Thoughts on Supply Chain Integrity

In this video presentation, John Sheehy, VP, Sales and Strategy at IOActive, shares his comprehensive view on the myriad considerations facing business as they undertake supply chain integrity assessments.  He delves deeply into the pertinent details of: industry definitions of what a supply chain is; potential supply chain disruptions; real-world examples of attacks; various approaches to ensuring supply chain integrity; and  thoughts on solutions and what can be done.

access the video
Library | INSIGHTS | October 17, 2018

Smart Cities: Cybersecurity Worries

Infodocument providing a visual exploration into the growing security concerns of smart city technologies. Featuring detail to the myriad technologies, problems, threats, possible targets, as well as current examples of cities having experienced attacks.

access the infodoc
Cesar Cerrudo
Library | WHITEPAPER | September 25, 2018

Commonalities in Vehicle Vulnerabilities

With the connected car becoming commonplace in the market, vehicle cybersecurity continues to grow more important every year. At the forefront of security research, IOActive has amassed real-world vulnerability data illustrating the general issues and potential solutions to the cybersecurity threats today’s vehicles face.

Access the PDF
Josh Hammond
Library | PRESENTATION | September 12, 2018

Reverse Engineering & Bug Hunting on KMDF Drivers

Enrique Nissim’s presentation from 44CON. September 12, 2018. The focus will be on finding bugs and not on exploitation. This will highlight interesting functions and how to find them. See MSDN and references for full details on KMDF.

view presentation
Enrique Nissim
Library | WHITEPAPER | August 10, 2018

Last Call for SATCOM Security

Revisiting the original research by Ruben Santamarta ‘Wake Up Call for SATCOM Security‘ – this research update comprehensively details three real-world scenarios involving serious vulnerabilities that affect the aviation, maritime, and military industries. The vulnerabilities include backdoors, insecure protocols, and network misconfigurations. This white paper elaborates the approach and technical details of these vulnerabilities, which could allow remote attackers, originated from the Internet, to take control of: Airborne SATCOM equipment on in-flight commercial aircraftsEarth Stations on Vessels, including AntennasEarth Stations used by the US Military in conflict zones

Access the PDF

Ruben Santamarta
Library | WHITEPAPER | August 7, 2018

Are You Trading Stocks Securely?

Exposing Security Flaws in Trading Technologies. The days of open outcry on trading floors of the NYSE, NASDAQ, and other stock exchanges around the globe are gone. With the advent of electronic trading platforms and networks, the exchange of financial securities now is easier and faster than ever; but this comes with inherent risks.

Access the PDF
Alejandro Hernandez

Commonalities in Vehicle Vulnerabilities

2022 Decade Examination Update | With the connected car now commonplace in the market, automotive cybersecurity has become the vanguard of importance as it relates to road user safety. IOActive has amassed over a decade of real-world vulnerability data illustrating the issues and potential solutions to cybersecurity threats today’s vehicles face.

This analysis is a major update and follow-up to the vehicle vulnerabilities report originally published in 2016 and updated in 2018. The goal of this 2022 update is to deliver current data and discuss how the state of automotive cybersecurity has progressed over the course of 10 years, making note of overall trends and their causes.

ACCESS THE REPORT


IOACTIVE CORPORATE OVERVIEW (PDF)IOACTIVE SERVICES OVERVIEW (PDF)


IOACTIVE ARCHIVED WEBINARS