2023년 국내외를 뜨겁게 달군🔥 보안 사건 사고를 총정리했습니다! 🛑 #ChatGPT, #Fortinet, #MSAzure 의 보안 취약점 🛑 #랜섬웨어, 해킹 집단의 공격 소식 🚧 각 사건마다 해결한 대처 방법 등 티오리 미디엄 블로그에서 확인해 보세요! link.medium.com/EmWjd3fYcBb #티오리 #보안사고 #인사이트

First big result from our new CPU research project, a use-after-free in AMD Zen2 processors! 🔥 AMD have just released updated microcode for affected systems, please update! lock.cmpxchg8b.com/zenbleed.html

Hello everyone, today I have uploaded the second post on using The Triton library for analyzing a challenge from hacklu from 2 years ago: farena.in/symbolic%20exe…

Check out FizzBuzz101's corCTF 2023 writeups! Exploiting the Intel sysret hardware bug + a µarch side-channel for KASLR bypass on modern Linux kernel: willsroot.io/2023/08/sysrup… Pwning ring -2 from ring 0 : willsroot.io/2023/08/smm-di… Cracking an AVX-512 VM : willsroot.io/2023/08/vmquac…

We've just published an in-depth post-mortem of the Vyper / Curve Finance attack. Join us as we unravel the critical insights, tactics involved, and lessons learned from this unique cybersecurity incident. blog.chainlight.io/curve-finance-…

Theori overtakes the DEF CON leaderboard once again! 🏆 Maple Mallard Magistrates takes 1st place at the world's largest hacking competition, DEFCON CTF. Shout out to our joint partners Maple Bacon and PlaidCTF ! Conquering the most difficult cybersecurity challenges, one at a time 😎

Poor man's guide to de-obfuscating VMProtect's : Discovery: youtube.com/watch?v=ZhQUbj…… (1/3) Resolution: youtube.com/watch?v=uxOVbG…… (2/3) Import Recontruction: youtube.com/watch?v=GvWSa6…… (3/3)

🎉 #Web3 이용자, 거래소, 프로젝트 빌더를 보호하는 통합 보안 플랫폼 ChainLight DART(Digital Asset Risk Tracker)를 런칭했습니다! DART를 통해 웹3상에 산재하는 다양한 취약점과 위협으로부터 보호받으세요. 아래 링크를 눌러 DART에 접속할 수 있습니다 👇 dart.chainlight.io/dashboard?utm_…

Hello, Mr. President. After winning the DEF CON CTF for two consecutive years, the Paradigm CTF, and the Dragonfly ＞|＜ CTF, ChainLight had the honor of being invited to the Blue House and conversing with South Korea's President Yoon Suk Yeol. 1/4

New write-up on an Intel Ice Lake CPU vulnerability, we can effectively corrupt the RoB with redundant prefixes! 🔥 An updated microcode is available today for all affected products, cloud providers should patch ASAP. lock.cmpxchg8b.com/reptar.html

ألف مبروك لفريق The Duck الفائز بالمركز الثاني في مسابقة #التقط_العلم ضمن فعالية #بلاك_هات23، وجائزة 200,000 ريال 👏🏻👏🏻 NEOM Hats off to the incredible champions "The Duck"! 🎩👏 Securing the 2nd place🥈 in CTF competition at #BHMEA23

🚨Breaking news from the lab: Finding the Hidden Threats Posed by Dead and Vulnerable Code Primitives Our REsearch team highlights the widespread risk of legacy unsafe code fragments distributed across the firmware supply chain and explains how these could lead to high-impact

Do you use a virtual machine to browse dangerous links safely? If you use the Chrome browser inside that virtual machine, is it secure enough? As you might have guessed, the answer is not so much. We chained six unique CVEs from 2023 listed below. • Chrome Renderer RCE :

I enjoyed ACSC 2024 ! It's sad that I can't go to the finals because I'm not a student. 😢

Ran priority scheduling for playing multiple ctf 🤭

I've reported several bootloader vulnerabilities to Samsung, and these were patched last June

Fav chall: Helium implements ephemeral key exchange through slightly modified libhydrogen. The most painful but fun part was analyzing whole inlined sse3 functions and identifying modified algorithms. After exchanging the key, we can read the flag via arbitrary file read vuln😋

gg

missed firstbloods 🥲

Recently, Back Engineering Labs released the crackme obfuscated by the CodeDefender and I reversed the binary: gist.github.com/5unKn0wn/24fa0…. The crackme implemented modified SipHash24, and the goal is to find the input that matches the hash. The obfuscation was nice and quite a challenge !