| Hacking Millions of Modems (and Investigating Who Hacked My Modem) |
|
|
|
| Nom for Security: A Proactive Security Review of Nomulus |
|
|
|
| Jumpserver Preauth RCE Exploit Chain |
|
|
|
| Finding vulnerabilities in Swiss Post's e-voting system: part 3 |
|
|
|
| Hi Meta, WhatsApp with privacy? |
|
|
|
| Attack of the week: Airdrop tracing |
|
|
|
| Hacking ISP CPE equipment: FiberHome |
|
|
|
| Terrapin Attack |
|
|
|
| Attacking Go's Lagged Fibonacci Generator |
|
|
|
| Reversing 'France Identité': the new French digital ID. |
|
|
|
| “Please do not make it public” - Vulnerabilities in Sogou Keyboard encryption expose keypresses to network eavesdropping |
|
|
|
| All your parcel are belong to us – Talk at Troopers 2023 |
|
|
|
| Encrypted Doesn't Mean Authenticated: ShareFile RCE (CVE-2023-24489) |
|
|
|
| On ColdFusion, AES, and Padding Oracle Attacks: Hic Sunt Dracones |
|
|
|
| Testing a new encrypted messaging app's extraordinary claims |
|
|
|
| Sorting Your Way to Stolen Passwords |
|
|
|
| Account Take Over (Via an API) |
|
|
|
| Beware of Java's String.getBytes |
|
|
|
| A Vulnerability in Implementations of SHA-3, SHAKE, EdDSA, and Other NIST-Approved Algorithms |
|
|
|
| Caveat Implementor! Key Recovery Attacks on MEGA |
|
|
|
| GitHub Security Lab audited DataHub: Here’s what they found |
|
|
|
| Technical Advisory – Azure B2C – Crypto Misuse and Account Compromise |
|
|
|
| Cracking The Odd Case Of Randomness In Java |
|
|
|
| Exploiting a Critical Spoofing Vulnerability in Windows CryptoAPI |
|
|
|
| Better Make Sure Your Password Manager Is Secure |
|
|
|
writeups.xyz
/
Cryptographic Issues