3
More Annotations
A complete backup of mundosexanuncio.com
mundosexanuncio.com
Are you over 18 and want to see adult content?
2
4
Favourite Annotations
1
4
Text
IOACTIVE | RESEARCH-FUELED SECURITY SERVICESBLOGSCONTACT USSERVICESINDUSTRIESCAREERSWHO WE ARE IOActive approaches security from the attacker’s mindset. Whether infiltrating software, hardware, networks or human resources, our consultants uncover the weaknesses in your operations. We combine the latest security research with our time-tested techniques to provide critical security services, as penetration testing and red team
services
PENETRATION TESTING SERVICES FOR NETWORKS, APPLICATIONS An effective penetration test (pen test) can help you face the challenge. Pen testing simulates attempts to breach your organization’s or product’s security, giving you a clearer understanding of the risks and consequences of an attack. With proficiency far beyond off-the-shelf tools or remotely managed services, IOActive leverages the CLOUD SECURITY THROUGH THREAT MODELING Cloud Security Through Threat Modeling Robert M. Zigweid Director of Services for IOActive 1 BREAKING INTO AND REVERSE ENGINEERING IOS PHOTO VAULTS Breaking into and Reverse Engineering iOS Photo Vaults. By Michael Allen. Every so often we hear stories of people losing their mobile phones, often with sensitive photos on them. Additionally, people may lend their phones to friends only to have those friends start going through their photos. For whatever reason, a lot of people storerisqué
HACKING ROBOTS BEFORE SKYNET Hacking Robots Before Skynet. By Cesar Cerrudo & Lucas Apa. Robots are going mainstream in both private and public sectors – on military missions, performing surgery, building skyscrapers, assisting customers at stores, as healthcare attendants, as business assistants, and interacting closely with our families in a myriad of ways. REMOTE EXPLOITATION OF AN UNALTERED PASSENGER VEHICLE Copyright ©2015. IOActive, Inc. focus, and that of the entire auto industry, is to prevent hacking from a remote wireless device outside of the vehicle. SMART CITIES CYBER SECURITY WORRIES Smart Cities Cyber Security Worries CYBER ATTACKS AND THREATS Devices were found without encrypting communications allowing attackers to change tra c lights. SMART TRAFFIC CONTROL CAR HACKING: FOR POORIES TECHNICAL WHITE PAPER.- 1 - Car Hacking: For Poories a.k.a. Car Hacking Too: Electric Boogaloo Chris Valasek, Director of Vehicle Security Research for IOActive COMMONALITIES IN VEHICLE VULNERABILITIES TECHNICAL WHITE PAPER © 2016 IOActive, Inc. All Rights Reserved Commonalities in Vehicle Vulnerabilities Corey Thuen Senior SecurityConsultant
HACKING ROBOTS BEFORE SKYNET1 CYBERSECURITY INSIGHT © 2017 IOActive, Inc. All Rights Reserved Hacking Robots Before Skynet1 Cesar Cerrudo (@cesarcer) Chief Technology Officer, IOActive IOACTIVE | RESEARCH-FUELED SECURITY SERVICESBLOGSCONTACT USSERVICESINDUSTRIESCAREERSWHO WE ARE IOActive approaches security from the attacker’s mindset. Whether infiltrating software, hardware, networks or human resources, our consultants uncover the weaknesses in your operations. We combine the latest security research with our time-tested techniques to provide critical security services, as penetration testing and red teamservices
PENETRATION TESTING SERVICES FOR NETWORKS, APPLICATIONS An effective penetration test (pen test) can help you face the challenge. Pen testing simulates attempts to breach your organization’s or product’s security, giving you a clearer understanding of the risks and consequences of an attack. With proficiency far beyond off-the-shelf tools or remotely managed services, IOActive leverages the CLOUD SECURITY THROUGH THREAT MODELING Cloud Security Through Threat Modeling Robert M. Zigweid Director of Services for IOActive 1 BREAKING INTO AND REVERSE ENGINEERING IOS PHOTO VAULTS Breaking into and Reverse Engineering iOS Photo Vaults. By Michael Allen. Every so often we hear stories of people losing their mobile phones, often with sensitive photos on them. Additionally, people may lend their phones to friends only to have those friends start going through their photos. For whatever reason, a lot of people storerisqué
HACKING ROBOTS BEFORE SKYNET Hacking Robots Before Skynet. By Cesar Cerrudo & Lucas Apa. Robots are going mainstream in both private and public sectors – on military missions, performing surgery, building skyscrapers, assisting customers at stores, as healthcare attendants, as business assistants, and interacting closely with our families in a myriad of ways. REMOTE EXPLOITATION OF AN UNALTERED PASSENGER VEHICLE Copyright ©2015. IOActive, Inc. focus, and that of the entire auto industry, is to prevent hacking from a remote wireless device outside of the vehicle. SMART CITIES CYBER SECURITY WORRIES Smart Cities Cyber Security Worries CYBER ATTACKS AND THREATS Devices were found without encrypting communications allowing attackers to change tra c lights. SMART TRAFFIC CONTROL CAR HACKING: FOR POORIES TECHNICAL WHITE PAPER.- 1 - Car Hacking: For Poories a.k.a. Car Hacking Too: Electric Boogaloo Chris Valasek, Director of Vehicle Security Research for IOActive COMMONALITIES IN VEHICLE VULNERABILITIES TECHNICAL WHITE PAPER © 2016 IOActive, Inc. All Rights Reserved Commonalities in Vehicle Vulnerabilities Corey Thuen Senior SecurityConsultant
HACKING ROBOTS BEFORE SKYNET1 CYBERSECURITY INSIGHT © 2017 IOActive, Inc. All Rights Reserved Hacking Robots Before Skynet1 Cesar Cerrudo (@cesarcer) Chief Technology Officer, IOActive CYBERSECURITY ALERT FATIGUE: WHY IT HAPPENS, WHY IT SUCKS IOActive guest blog - Andrew Morris of GreyNoise provides insights on cybersecurity alert fatigue - what it is, why it's a problem and what can be done about it. PENETRATION TESTING SERVICES FOR NETWORKS, APPLICATIONS An effective penetration test (pen test) can help you face the challenge. Pen testing simulates attempts to breach your organization’s or product’s security, giving you a clearer understanding of the risks and consequences of an attack. With proficiency far beyond off-the-shelf tools or remotely managed services, IOActive leverages the IOACTIVE DISCOVERS IN-FLIGHT ENTERTAINMENT SYSTEM Seattle, WA – December 20, 2016 – IOActive, Inc., the worldwide leader in research-driven security services, today released research detailing several cybersecurity vulnerabilities found in Panasonic Avionics In-Flight Entertainment (IFE) systems used by a number of major airlines including United, Virgin, American Airlines, Emirates, AirFrance, Singapore, and Qatar, among others. The REMOTE EXPLOITATION OF AN UNALTERED PASSENGER VEHICLE Copyright ©2015. IOActive, Inc. focus, and that of the entire auto industry, is to prevent hacking from a remote wireless device outside of the vehicle. HACKING THE JAVA DEBUG WIRE PROTOCOL This is the story of how I came across an interesting protocol during a recent code review engagement for IOActive and turned it into a reliable way to execute remote code. In this post, I will explain the Java Debug Wire Protocol (JDWP) and why it is interesting from a penetration tester’s point of view. I will cover some JDWP internals and how to use them to perform code execution HACKING ROBOTS BEFORE SKYNET Hacking Robots Before Skynet. By Cesar Cerrudo & Lucas Apa. Robots are going mainstream in both private and public sectors – on military missions, performing surgery, building skyscrapers, assisting customers at stores, as healthcare attendants, as business assistants, and interacting closely with our families in a myriad of ways. A WAKE-UP CALL FOR SATCOM SECURITY IOActive, Inc. Table 1: Summary of Vulnerabilities Vendor Product Vulnerability Class Service Severity Harris RF-7800-VU024RF-7800-DU024
CAR HACKING: FOR POORIES TECHNICAL WHITE PAPER.- 1 - Car Hacking: For Poories a.k.a. Car Hacking Too: Electric Boogaloo Chris Valasek, Director of Vehicle Security Research for IOActive COMMONALITIES IN VEHICLE VULNERABILITIES TECHNICAL WHITE PAPER © 2016 IOActive, Inc. All Rights Reserved Commonalities in Vehicle Vulnerabilities Corey Thuen Senior SecurityConsultant
HACKING ROBOTS BEFORE SKYNET1 CYBERSECURITY INSIGHT © 2017 IOActive, Inc. All Rights Reserved Hacking Robots Before Skynet1 Cesar Cerrudo (@cesarcer) Chief Technology Officer, IOActive IOACTIVE | RESEARCH-FUELED SECURITY SERVICESBLOGSCONTACT USSERVICESINDUSTRIESCAREERSWHO WE ARE IOActive approaches security from the attacker’s mindset. Whether infiltrating software, hardware, networks or human resources, our consultants uncover the weaknesses in your operations. We combine the latest security research with our time-tested techniques to provide critical security services, as penetration testing and red teamservices
PENETRATION TESTING SERVICES FOR NETWORKS, APPLICATIONS An effective penetration test (pen test) can help you face the challenge. Pen testing simulates attempts to breach your organization’s or product’s security, giving you a clearer understanding of the risks and consequences of an attack. With proficiency far beyond off-the-shelf tools or remotely managed services, IOActive leverages the CLOUD SECURITY THROUGH THREAT MODELING Cloud Security Through Threat Modeling Robert M. Zigweid Director of Services for IOActive 1 BREAKING INTO AND REVERSE ENGINEERING IOS PHOTO VAULTS Breaking into and Reverse Engineering iOS Photo Vaults. By Michael Allen. Every so often we hear stories of people losing their mobile phones, often with sensitive photos on them. Additionally, people may lend their phones to friends only to have those friends start going through their photos. For whatever reason, a lot of people storerisqué
HACKING ROBOTS BEFORE SKYNET Hacking Robots Before Skynet. By Cesar Cerrudo & Lucas Apa. Robots are going mainstream in both private and public sectors – on military missions, performing surgery, building skyscrapers, assisting customers at stores, as healthcare attendants, as business assistants, and interacting closely with our families in a myriad of ways. REMOTE EXPLOITATION OF AN UNALTERED PASSENGER VEHICLE Copyright ©2015. IOActive, Inc. focus, and that of the entire auto industry, is to prevent hacking from a remote wireless device outside of the vehicle. SMART CITIES CYBER SECURITY WORRIES Smart Cities Cyber Security Worries CYBER ATTACKS AND THREATS Devices were found without encrypting communications allowing attackers to change tra c lights. SMART TRAFFIC CONTROL CAR HACKING: FOR POORIES TECHNICAL WHITE PAPER.- 1 - Car Hacking: For Poories a.k.a. Car Hacking Too: Electric Boogaloo Chris Valasek, Director of Vehicle Security Research for IOActive COMMONALITIES IN VEHICLE VULNERABILITIES TECHNICAL WHITE PAPER © 2016 IOActive, Inc. All Rights Reserved Commonalities in Vehicle Vulnerabilities Corey Thuen Senior SecurityConsultant
HACKING ROBOTS BEFORE SKYNET1 CYBERSECURITY INSIGHT © 2017 IOActive, Inc. All Rights Reserved Hacking Robots Before Skynet1 Cesar Cerrudo (@cesarcer) Chief Technology Officer, IOActive IOACTIVE | RESEARCH-FUELED SECURITY SERVICESBLOGSCONTACT USSERVICESINDUSTRIESCAREERSWHO WE ARE IOActive approaches security from the attacker’s mindset. Whether infiltrating software, hardware, networks or human resources, our consultants uncover the weaknesses in your operations. We combine the latest security research with our time-tested techniques to provide critical security services, as penetration testing and red teamservices
PENETRATION TESTING SERVICES FOR NETWORKS, APPLICATIONS An effective penetration test (pen test) can help you face the challenge. Pen testing simulates attempts to breach your organization’s or product’s security, giving you a clearer understanding of the risks and consequences of an attack. With proficiency far beyond off-the-shelf tools or remotely managed services, IOActive leverages the CLOUD SECURITY THROUGH THREAT MODELING Cloud Security Through Threat Modeling Robert M. Zigweid Director of Services for IOActive 1 BREAKING INTO AND REVERSE ENGINEERING IOS PHOTO VAULTS Breaking into and Reverse Engineering iOS Photo Vaults. By Michael Allen. Every so often we hear stories of people losing their mobile phones, often with sensitive photos on them. Additionally, people may lend their phones to friends only to have those friends start going through their photos. For whatever reason, a lot of people storerisqué
HACKING ROBOTS BEFORE SKYNET Hacking Robots Before Skynet. By Cesar Cerrudo & Lucas Apa. Robots are going mainstream in both private and public sectors – on military missions, performing surgery, building skyscrapers, assisting customers at stores, as healthcare attendants, as business assistants, and interacting closely with our families in a myriad of ways. REMOTE EXPLOITATION OF AN UNALTERED PASSENGER VEHICLE Copyright ©2015. IOActive, Inc. focus, and that of the entire auto industry, is to prevent hacking from a remote wireless device outside of the vehicle. SMART CITIES CYBER SECURITY WORRIES Smart Cities Cyber Security Worries CYBER ATTACKS AND THREATS Devices were found without encrypting communications allowing attackers to change tra c lights. SMART TRAFFIC CONTROL CAR HACKING: FOR POORIES TECHNICAL WHITE PAPER.- 1 - Car Hacking: For Poories a.k.a. Car Hacking Too: Electric Boogaloo Chris Valasek, Director of Vehicle Security Research for IOActive COMMONALITIES IN VEHICLE VULNERABILITIES TECHNICAL WHITE PAPER © 2016 IOActive, Inc. All Rights Reserved Commonalities in Vehicle Vulnerabilities Corey Thuen Senior SecurityConsultant
HACKING ROBOTS BEFORE SKYNET1 CYBERSECURITY INSIGHT © 2017 IOActive, Inc. All Rights Reserved Hacking Robots Before Skynet1 Cesar Cerrudo (@cesarcer) Chief Technology Officer, IOActive CYBERSECURITY ALERT FATIGUE: WHY IT HAPPENS, WHY IT SUCKS IOActive guest blog - Andrew Morris of GreyNoise provides insights on cybersecurity alert fatigue - what it is, why it's a problem and what can be done about it. PENETRATION TESTING SERVICES FOR NETWORKS, APPLICATIONS An effective penetration test (pen test) can help you face the challenge. Pen testing simulates attempts to breach your organization’s or product’s security, giving you a clearer understanding of the risks and consequences of an attack. With proficiency far beyond off-the-shelf tools or remotely managed services, IOActive leverages the HACKING ROBOTS BEFORE SKYNET Hacking Robots Before Skynet. By Cesar Cerrudo & Lucas Apa. Robots are going mainstream in both private and public sectors – on military missions, performing surgery, building skyscrapers, assisting customers at stores, as healthcare attendants, as business assistants, and interacting closely with our families in a myriad of ways. A WAKE-UP CALL FOR SATCOM SECURITY A Wake-up Call for SATCOM Security. During the last few months we have witnessed a series of events that will probably be seen as a tipping point in the public’s opinion about the importance of, and need for, security. The revelations of Edward Snowden have served to confirm some theories and shed light on surveillance technologies that were IOACTIVE DISCOVERS IN-FLIGHT ENTERTAINMENT SYSTEM Seattle, WA – December 20, 2016 – IOActive, Inc., the worldwide leader in research-driven security services, today released research detailing several cybersecurity vulnerabilities found in Panasonic Avionics In-Flight Entertainment (IFE) systems used by a number of major airlines including United, Virgin, American Airlines, Emirates, AirFrance, Singapore, and Qatar, among others. The REMOTE EXPLOITATION OF AN UNALTERED PASSENGER VEHICLE Copyright ©2015. IOActive, Inc. focus, and that of the entire auto industry, is to prevent hacking from a remote wireless device outside of the vehicle. A WAKE-UP CALL FOR SATCOM SECURITY IOActive, Inc. Table 1: Summary of Vulnerabilities Vendor Product Vulnerability Class Service Severity Harris RF-7800-VU024RF-7800-DU024
PRIVILEGE ESCALATION VULNERABILITIES FOUND IN LENOVO 1 – The user starts System Update by running the tvsu.exe binary which runs the TvsuCommandLauncher.exe with a specific argument. Previously, Lenovo fixed vulnerabilities that IOActive discovered where an attacker could impersonate a legitimate caller and pass the command to be executed to the SUService service through named pipes to gain a privilege escalation. HACKING ROBOTS BEFORE SKYNET1 CYBERSECURITY INSIGHT © 2017 IOActive, Inc. All Rights Reserved Hacking Robots Before Skynet1 Cesar Cerrudo (@cesarcer) Chief Technology Officer, IOActive A SURVEY OF REMOTE AUTOMOTIVE ATTACK SURFACES Copyright ©2014. IOActive, Inc. The compromised ECU mentioned in the first stage typically cannot directly control safety critical features of a vehicle. IOACTIVE | RESEARCH-FUELED SECURITY SERVICESBLOGSCONTACT USSERVICESINDUSTRIESCAREERSWHO WE ARE IOActive approaches security from the attacker’s mindset. Whether infiltrating software, hardware, networks or human resources, our consultants uncover the weaknesses in your operations. We combine the latest security research with our time-tested techniques to provide critical security services, as penetration testing and red teamservices
PENETRATION TESTING SERVICES FOR NETWORKS, APPLICATIONS An effective penetration test (pen test) can help you face the challenge. Pen testing simulates attempts to breach your organization’s or product’s security, giving you a clearer understanding of the risks and consequences of an attack. With proficiency far beyond off-the-shelf tools or remotely managed services, IOActive leverages the CLOUD SECURITY THROUGH THREAT MODELING Cloud Security Through Threat Modeling Robert M. Zigweid Director of Services for IOActive 1 SAFENET IKEY 2032 IN-DEPTH LOOK INSIDE Safenet iKey 2032 In-depth Look Inside. By IOActive. Chances are you have probably seen one of these little USB based tokens made from Safenet, Inc. The one we opened was in a blue shell. Safekey says, iKey 2032 is a compact, two-factor authentication token that provides client security for network authentication, e-mail encryption, anddigital
A REVERSE ENGINEER’S PERSPECTIVE ON THE BOEING 787 ‘51 A Reverse Engineer’s Perspective on the Boeing 787 ‘51 days’ Airworthiness Directive. Several weeks ago, international regulators announced that they were ordering Boeing 787 operators to completely shut down the plane’s electrical power whenever it had been running for 51 days without interruption. 1 The FAA published an airworthiness HACKING ROBOTS BEFORE SKYNET Hacking Robots Before Skynet. By Cesar Cerrudo & Lucas Apa. Robots are going mainstream in both private and public sectors – on military missions, performing surgery, building skyscrapers, assisting customers at stores, as healthcare attendants, as business assistants, and interacting closely with our families in a myriad of ways. REMOTE EXPLOITATION OF AN UNALTERED PASSENGER VEHICLE Copyright ©2015. IOActive, Inc. focus, and that of the entire auto industry, is to prevent hacking from a remote wireless device outside of the vehicle. UNCOVERING UNENCRYPTED CAR DATA IN BMW CONNECTED APP TL; DR: Modern mobile OSes encrypt data by default, nevertheless, the defense-in-depth paradigm dictates that developers must encrypt sensitive data regardless of the protections offered by the underlying OS. This is yet another case study of data stored unencrypted, and most importantly, a reminder to developers not to leave their apps’data unencrypted.
SMART CITIES CYBER SECURITY WORRIES Smart Cities Cyber Security Worries CYBER ATTACKS AND THREATS Devices were found without encrypting communications allowing attackers to change tra c lights. SMART TRAFFIC CONTROL SCADA AND MOBILE SECURITY IN THE IOT ERA SCADA And Mobile Security In The Internet Of Things Era Alexander Bolshev (dark_k3y) Security Consultant, IOActive Ivan Yushkevich (Steph) Information Security Auditor, Embedi IOACTIVE | RESEARCH-FUELED SECURITY SERVICESBLOGSCONTACT USSERVICESINDUSTRIESCAREERSWHO WE ARE IOActive approaches security from the attacker’s mindset. Whether infiltrating software, hardware, networks or human resources, our consultants uncover the weaknesses in your operations. We combine the latest security research with our time-tested techniques to provide critical security services, as penetration testing and red teamservices
PENETRATION TESTING SERVICES FOR NETWORKS, APPLICATIONS An effective penetration test (pen test) can help you face the challenge. Pen testing simulates attempts to breach your organization’s or product’s security, giving you a clearer understanding of the risks and consequences of an attack. With proficiency far beyond off-the-shelf tools or remotely managed services, IOActive leverages the CLOUD SECURITY THROUGH THREAT MODELING Cloud Security Through Threat Modeling Robert M. Zigweid Director of Services for IOActive 1 SAFENET IKEY 2032 IN-DEPTH LOOK INSIDE Safenet iKey 2032 In-depth Look Inside. By IOActive. Chances are you have probably seen one of these little USB based tokens made from Safenet, Inc. The one we opened was in a blue shell. Safekey says, iKey 2032 is a compact, two-factor authentication token that provides client security for network authentication, e-mail encryption, anddigital
A REVERSE ENGINEER’S PERSPECTIVE ON THE BOEING 787 ‘51 A Reverse Engineer’s Perspective on the Boeing 787 ‘51 days’ Airworthiness Directive. Several weeks ago, international regulators announced that they were ordering Boeing 787 operators to completely shut down the plane’s electrical power whenever it had been running for 51 days without interruption. 1 The FAA published an airworthiness ADVENTURES IN AUTOMOTIVE NETWORKS AND CONTROL UNITS Copyright ©2014. IOActive, Inc. Each ECU has a particular purpose to achieve on its own, but they must communicate with other ECUs in order to coordinate their HACKING ROBOTS BEFORE SKYNET Hacking Robots Before Skynet. By Cesar Cerrudo & Lucas Apa. Robots are going mainstream in both private and public sectors – on military missions, performing surgery, building skyscrapers, assisting customers at stores, as healthcare attendants, as business assistants, and interacting closely with our families in a myriad of ways. REMOTE EXPLOITATION OF AN UNALTERED PASSENGER VEHICLE Copyright ©2015. IOActive, Inc. focus, and that of the entire auto industry, is to prevent hacking from a remote wireless device outside of the vehicle. SMART CITIES CYBER SECURITY WORRIES Smart Cities Cyber Security Worries CYBER ATTACKS AND THREATS Devices were found without encrypting communications allowing attackers to change tra c lights. SMART TRAFFIC CONTROL SCADA AND MOBILE SECURITY IN THE IOT ERA SCADA And Mobile Security In The Internet Of Things Era Alexander Bolshev (dark_k3y) Security Consultant, IOActive Ivan Yushkevich (Steph) Information Security Auditor, EmbediTEAM | IOACTIVE
Cesar Cerrudo. Chief Technology Officer. As CTO for IOActive Labs, Cesar Cerrudo leads the team in producing ongoing, cutting-edge research. Cesar manages IOActive’s responsible disclosure process and is the main liaison between IOActive and CERT. Read full bio. CYBERSECURITY ALERT FATIGUE: WHY IT HAPPENS, WHY IT SUCKS IOActive guest blog - Andrew Morris of GreyNoise provides insights on cybersecurity alert fatigue - what it is, why it's a problem and what can be done about it. PENETRATION TESTING SERVICES FOR NETWORKS, APPLICATIONS An effective penetration test (pen test) can help you face the challenge. Pen testing simulates attempts to breach your organization’s or product’s security, giving you a clearer understanding of the risks and consequences of an attack. With proficiency far beyond off-the-shelf tools or remotely managed services, IOActive leverages the IN FLIGHT HACKING SYSTEM In-flight entertainment systems may be an attack vector. In some scenarios such an attack would be physically impossible due to the isolation of these systems, while in others an attack remains theoretically feasible due to the physical connectivity. IOActive has successfully compromised other electronic gateway modules in non-airborne vehicles. SAFENET IKEY 2032 IN-DEPTH LOOK INSIDE Safenet iKey 2032 In-depth Look Inside. By IOActive. Chances are you have probably seen one of these little USB based tokens made from Safenet, Inc. The one we opened was in a blue shell. Safekey says, iKey 2032 is a compact, two-factor authentication token that provides client security for network authentication, e-mail encryption, anddigital
ARE YOU TRADING STOCKS SECURELY? EXPOSING SECURITY FLAWS This blog post contains a small portion of the entire analysis. Please refer to the white paper. Disclaimer Most of the testing was performed using paper money (demo accounts) provided online by the brokerage houses. Only a few accounts were funded with real money for testing purposes. In the case of commercial platforms, the free trials provided by the brokers were used. Only end-user BREAKING INTO AND REVERSE ENGINEERING IOS PHOTO VAULTS Breaking into and Reverse Engineering iOS Photo Vaults. By Michael Allen. Every so often we hear stories of people losing their mobile phones, often with sensitive photos on them. Additionally, people may lend their phones to friends only to have those friends start going through their photos. For whatever reason, a lot of people storerisqué
HACKING THE JAVA DEBUG WIRE PROTOCOL This is the story of how I came across an interesting protocol during a recent code review engagement for IOActive and turned it into a reliable way to execute remote code. In this post, I will explain the Java Debug Wire Protocol (JDWP) and why it is interesting from a penetration tester’s point of view. I will cover some JDWP internals and how to use them to perform code execution IOACTIVE DISCOVERS IN-FLIGHT ENTERTAINMENT SYSTEM Seattle, WA – December 20, 2016 – IOActive, Inc., the worldwide leader in research-driven security services, today released research detailing several cybersecurity vulnerabilities found in Panasonic Avionics In-Flight Entertainment (IFE) systems used by a number of major airlines including United, Virgin, American Airlines, Emirates, AirFrance, Singapore, and Qatar, among others. The SYMANTEC WHITE PAPER Figure 2- Examples of data sets ideal for protection with VML technology Automated, Zero-day Protection for Data Vector Machine Learning has specific advantages that complement existing describing and fingerprinting technologies, IOACTIVE | RESEARCH-FUELED SECURITY SERVICESBLOGSCONTACT USSERVICESINDUSTRIESCAREERSWHO WE ARE IOActive approaches security from the attacker’s mindset. Whether infiltrating software, hardware, networks or human resources, our consultants uncover the weaknesses in your operations. We combine the latest security research with our time-tested techniques to provide critical security services, as penetration testing and red teamservices
PENETRATION TESTING SERVICES FOR NETWORKS, APPLICATIONS An effective penetration test (pen test) can help you face the challenge. Pen testing simulates attempts to breach your organization’s or product’s security, giving you a clearer understanding of the risks and consequences of an attack. With proficiency far beyond off-the-shelf tools or remotely managed services, IOActive leverages the CLOUD SECURITY THROUGH THREAT MODELING Cloud Security Through Threat Modeling Robert M. Zigweid Director of Services for IOActive 1 SAFENET IKEY 2032 IN-DEPTH LOOK INSIDE Safenet iKey 2032 In-depth Look Inside. By IOActive. Chances are you have probably seen one of these little USB based tokens made from Safenet, Inc. The one we opened was in a blue shell. Safekey says, iKey 2032 is a compact, two-factor authentication token that provides client security for network authentication, e-mail encryption, anddigital
A REVERSE ENGINEER’S PERSPECTIVE ON THE BOEING 787 ‘51 A Reverse Engineer’s Perspective on the Boeing 787 ‘51 days’ Airworthiness Directive. Several weeks ago, international regulators announced that they were ordering Boeing 787 operators to completely shut down the plane’s electrical power whenever it had been running for 51 days without interruption. 1 The FAA published an airworthiness ADVENTURES IN AUTOMOTIVE NETWORKS AND CONTROL UNITS Copyright ©2014. IOActive, Inc. Each ECU has a particular purpose to achieve on its own, but they must communicate with other ECUs in order to coordinate their HACKING ROBOTS BEFORE SKYNET Hacking Robots Before Skynet. By Cesar Cerrudo & Lucas Apa. Robots are going mainstream in both private and public sectors – on military missions, performing surgery, building skyscrapers, assisting customers at stores, as healthcare attendants, as business assistants, and interacting closely with our families in a myriad of ways. REMOTE EXPLOITATION OF AN UNALTERED PASSENGER VEHICLE Copyright ©2015. IOActive, Inc. focus, and that of the entire auto industry, is to prevent hacking from a remote wireless device outside of the vehicle. SMART CITIES CYBER SECURITY WORRIES Smart Cities Cyber Security Worries CYBER ATTACKS AND THREATS Devices were found without encrypting communications allowing attackers to change tra c lights. SMART TRAFFIC CONTROL SCADA AND MOBILE SECURITY IN THE IOT ERA SCADA And Mobile Security In The Internet Of Things Era Alexander Bolshev (dark_k3y) Security Consultant, IOActive Ivan Yushkevich (Steph) Information Security Auditor, Embedi IOACTIVE | RESEARCH-FUELED SECURITY SERVICESBLOGSCONTACT USSERVICESINDUSTRIESCAREERSWHO WE ARE IOActive approaches security from the attacker’s mindset. Whether infiltrating software, hardware, networks or human resources, our consultants uncover the weaknesses in your operations. We combine the latest security research with our time-tested techniques to provide critical security services, as penetration testing and red teamservices
PENETRATION TESTING SERVICES FOR NETWORKS, APPLICATIONS An effective penetration test (pen test) can help you face the challenge. Pen testing simulates attempts to breach your organization’s or product’s security, giving you a clearer understanding of the risks and consequences of an attack. With proficiency far beyond off-the-shelf tools or remotely managed services, IOActive leverages the CLOUD SECURITY THROUGH THREAT MODELING Cloud Security Through Threat Modeling Robert M. Zigweid Director of Services for IOActive 1 SAFENET IKEY 2032 IN-DEPTH LOOK INSIDE Safenet iKey 2032 In-depth Look Inside. By IOActive. Chances are you have probably seen one of these little USB based tokens made from Safenet, Inc. The one we opened was in a blue shell. Safekey says, iKey 2032 is a compact, two-factor authentication token that provides client security for network authentication, e-mail encryption, anddigital
A REVERSE ENGINEER’S PERSPECTIVE ON THE BOEING 787 ‘51 A Reverse Engineer’s Perspective on the Boeing 787 ‘51 days’ Airworthiness Directive. Several weeks ago, international regulators announced that they were ordering Boeing 787 operators to completely shut down the plane’s electrical power whenever it had been running for 51 days without interruption. 1 The FAA published an airworthiness ADVENTURES IN AUTOMOTIVE NETWORKS AND CONTROL UNITS Copyright ©2014. IOActive, Inc. Each ECU has a particular purpose to achieve on its own, but they must communicate with other ECUs in order to coordinate their HACKING ROBOTS BEFORE SKYNET Hacking Robots Before Skynet. By Cesar Cerrudo & Lucas Apa. Robots are going mainstream in both private and public sectors – on military missions, performing surgery, building skyscrapers, assisting customers at stores, as healthcare attendants, as business assistants, and interacting closely with our families in a myriad of ways. REMOTE EXPLOITATION OF AN UNALTERED PASSENGER VEHICLE Copyright ©2015. IOActive, Inc. focus, and that of the entire auto industry, is to prevent hacking from a remote wireless device outside of the vehicle. SMART CITIES CYBER SECURITY WORRIES Smart Cities Cyber Security Worries CYBER ATTACKS AND THREATS Devices were found without encrypting communications allowing attackers to change tra c lights. SMART TRAFFIC CONTROL SCADA AND MOBILE SECURITY IN THE IOT ERA SCADA And Mobile Security In The Internet Of Things Era Alexander Bolshev (dark_k3y) Security Consultant, IOActive Ivan Yushkevich (Steph) Information Security Auditor, EmbediTEAM | IOACTIVE
Cesar Cerrudo. Chief Technology Officer. As CTO for IOActive Labs, Cesar Cerrudo leads the team in producing ongoing, cutting-edge research. Cesar manages IOActive’s responsible disclosure process and is the main liaison between IOActive and CERT. Read full bio. CYBERSECURITY ALERT FATIGUE: WHY IT HAPPENS, WHY IT SUCKS IOActive guest blog - Andrew Morris of GreyNoise provides insights on cybersecurity alert fatigue - what it is, why it's a problem and what can be done about it. PENETRATION TESTING SERVICES FOR NETWORKS, APPLICATIONS An effective penetration test (pen test) can help you face the challenge. Pen testing simulates attempts to breach your organization’s or product’s security, giving you a clearer understanding of the risks and consequences of an attack. With proficiency far beyond off-the-shelf tools or remotely managed services, IOActive leverages the IN FLIGHT HACKING SYSTEM In-flight entertainment systems may be an attack vector. In some scenarios such an attack would be physically impossible due to the isolation of these systems, while in others an attack remains theoretically feasible due to the physical connectivity. IOActive has successfully compromised other electronic gateway modules in non-airborne vehicles. SAFENET IKEY 2032 IN-DEPTH LOOK INSIDE Safenet iKey 2032 In-depth Look Inside. By IOActive. Chances are you have probably seen one of these little USB based tokens made from Safenet, Inc. The one we opened was in a blue shell. Safekey says, iKey 2032 is a compact, two-factor authentication token that provides client security for network authentication, e-mail encryption, anddigital
ARE YOU TRADING STOCKS SECURELY? EXPOSING SECURITY FLAWS This blog post contains a small portion of the entire analysis. Please refer to the white paper. Disclaimer Most of the testing was performed using paper money (demo accounts) provided online by the brokerage houses. Only a few accounts were funded with real money for testing purposes. In the case of commercial platforms, the free trials provided by the brokers were used. Only end-user BREAKING INTO AND REVERSE ENGINEERING IOS PHOTO VAULTS Breaking into and Reverse Engineering iOS Photo Vaults. By Michael Allen. Every so often we hear stories of people losing their mobile phones, often with sensitive photos on them. Additionally, people may lend their phones to friends only to have those friends start going through their photos. For whatever reason, a lot of people storerisqué
HACKING THE JAVA DEBUG WIRE PROTOCOL This is the story of how I came across an interesting protocol during a recent code review engagement for IOActive and turned it into a reliable way to execute remote code. In this post, I will explain the Java Debug Wire Protocol (JDWP) and why it is interesting from a penetration tester’s point of view. I will cover some JDWP internals and how to use them to perform code execution IOACTIVE DISCOVERS IN-FLIGHT ENTERTAINMENT SYSTEM Seattle, WA – December 20, 2016 – IOActive, Inc., the worldwide leader in research-driven security services, today released research detailing several cybersecurity vulnerabilities found in Panasonic Avionics In-Flight Entertainment (IFE) systems used by a number of major airlines including United, Virgin, American Airlines, Emirates, AirFrance, Singapore, and Qatar, among others. The SYMANTEC WHITE PAPER Figure 2- Examples of data sets ideal for protection with VML technology Automated, Zero-day Protection for Data Vector Machine Learning has specific advantages that complement existing describing and fingerprinting technologies, IOACTIVE | RESEARCH-FUELED SECURITY SERVICESBLOGSCONTACT USSERVICESINDUSTRIESCAREERSWHO WE ARE IOActive approaches security from the attacker’s mindset. Whether infiltrating software, hardware, networks or human resources, our consultants uncover the weaknesses in your operations. We combine the latest security research with our time-tested techniques to provide critical security services, as penetration testing and red teamservices
PENETRATION TESTING SERVICES FOR NETWORKS, APPLICATIONS An effective penetration test (pen test) can help you face the challenge. Pen testing simulates attempts to breach your organization’s or product’s security, giving you a clearer understanding of the risks and consequences of an attack. With proficiency far beyond off-the-shelf tools or remotely managed services, IOActive leverages the CLOUD SECURITY THROUGH THREAT MODELING Cloud Security Through Threat Modeling Robert M. Zigweid Director of Services for IOActive 1 SAFENET IKEY 2032 IN-DEPTH LOOK INSIDE Safenet iKey 2032 In-depth Look Inside. By IOActive. Chances are you have probably seen one of these little USB based tokens made from Safenet, Inc. The one we opened was in a blue shell. Safekey says, iKey 2032 is a compact, two-factor authentication token that provides client security for network authentication, e-mail encryption, anddigital
A REVERSE ENGINEER’S PERSPECTIVE ON THE BOEING 787 ‘51 A Reverse Engineer’s Perspective on the Boeing 787 ‘51 days’ Airworthiness Directive. Several weeks ago, international regulators announced that they were ordering Boeing 787 operators to completely shut down the plane’s electrical power whenever it had been running for 51 days without interruption. 1 The FAA published an airworthiness HACKING ROBOTS BEFORE SKYNET Hacking Robots Before Skynet. By Cesar Cerrudo & Lucas Apa. Robots are going mainstream in both private and public sectors – on military missions, performing surgery, building skyscrapers, assisting customers at stores, as healthcare attendants, as business assistants, and interacting closely with our families in a myriad of ways. ADVENTURES IN AUTOMOTIVE NETWORKS AND CONTROL UNITS Copyright ©2014. IOActive, Inc. Each ECU has a particular purpose to achieve on its own, but they must communicate with other ECUs in order to coordinate their REMOTE EXPLOITATION OF AN UNALTERED PASSENGER VEHICLE Copyright ©2015. IOActive, Inc. focus, and that of the entire auto industry, is to prevent hacking from a remote wireless device outside of the vehicle. SMART CITIES CYBER SECURITY WORRIES Smart Cities Cyber Security Worries CYBER ATTACKS AND THREATS Devices were found without encrypting communications allowing attackers to change tra c lights. SMART TRAFFIC CONTROL SCADA AND MOBILE SECURITY IN THE IOT ERA SCADA And Mobile Security In The Internet Of Things Era Alexander Bolshev (dark_k3y) Security Consultant, IOActive Ivan Yushkevich (Steph) Information Security Auditor, Embedi IOACTIVE | RESEARCH-FUELED SECURITY SERVICESBLOGSCONTACT USSERVICESINDUSTRIESCAREERSWHO WE ARE IOActive approaches security from the attacker’s mindset. Whether infiltrating software, hardware, networks or human resources, our consultants uncover the weaknesses in your operations. We combine the latest security research with our time-tested techniques to provide critical security services, as penetration testing and red teamservices
PENETRATION TESTING SERVICES FOR NETWORKS, APPLICATIONS An effective penetration test (pen test) can help you face the challenge. Pen testing simulates attempts to breach your organization’s or product’s security, giving you a clearer understanding of the risks and consequences of an attack. With proficiency far beyond off-the-shelf tools or remotely managed services, IOActive leverages the CLOUD SECURITY THROUGH THREAT MODELING Cloud Security Through Threat Modeling Robert M. Zigweid Director of Services for IOActive 1 SAFENET IKEY 2032 IN-DEPTH LOOK INSIDE Safenet iKey 2032 In-depth Look Inside. By IOActive. Chances are you have probably seen one of these little USB based tokens made from Safenet, Inc. The one we opened was in a blue shell. Safekey says, iKey 2032 is a compact, two-factor authentication token that provides client security for network authentication, e-mail encryption, anddigital
A REVERSE ENGINEER’S PERSPECTIVE ON THE BOEING 787 ‘51 A Reverse Engineer’s Perspective on the Boeing 787 ‘51 days’ Airworthiness Directive. Several weeks ago, international regulators announced that they were ordering Boeing 787 operators to completely shut down the plane’s electrical power whenever it had been running for 51 days without interruption. 1 The FAA published an airworthiness HACKING ROBOTS BEFORE SKYNET Hacking Robots Before Skynet. By Cesar Cerrudo & Lucas Apa. Robots are going mainstream in both private and public sectors – on military missions, performing surgery, building skyscrapers, assisting customers at stores, as healthcare attendants, as business assistants, and interacting closely with our families in a myriad of ways. ADVENTURES IN AUTOMOTIVE NETWORKS AND CONTROL UNITS Copyright ©2014. IOActive, Inc. Each ECU has a particular purpose to achieve on its own, but they must communicate with other ECUs in order to coordinate their REMOTE EXPLOITATION OF AN UNALTERED PASSENGER VEHICLE Copyright ©2015. IOActive, Inc. focus, and that of the entire auto industry, is to prevent hacking from a remote wireless device outside of the vehicle. SMART CITIES CYBER SECURITY WORRIES Smart Cities Cyber Security Worries CYBER ATTACKS AND THREATS Devices were found without encrypting communications allowing attackers to change tra c lights. SMART TRAFFIC CONTROL SCADA AND MOBILE SECURITY IN THE IOT ERA SCADA And Mobile Security In The Internet Of Things Era Alexander Bolshev (dark_k3y) Security Consultant, IOActive Ivan Yushkevich (Steph) Information Security Auditor, EmbediTEAM | IOACTIVE
Cesar Cerrudo. Chief Technology Officer. As CTO for IOActive Labs, Cesar Cerrudo leads the team in producing ongoing, cutting-edge research. Cesar manages IOActive’s responsible disclosure process and is the main liaison between IOActive and CERT. Read full bio. PENETRATION TESTING SERVICES FOR NETWORKS, APPLICATIONS An effective penetration test (pen test) can help you face the challenge. Pen testing simulates attempts to breach your organization’s or product’s security, giving you a clearer understanding of the risks and consequences of an attack. With proficiency far beyond off-the-shelf tools or remotely managed services, IOActive leverages the IN FLIGHT HACKING SYSTEM In-flight entertainment systems may be an attack vector. In some scenarios such an attack would be physically impossible due to the isolation of these systems, while in others an attack remains theoretically feasible due to the physical connectivity. IOActive has successfully compromised other electronic gateway modules in non-airborne vehicles. SAFENET IKEY 2032 IN-DEPTH LOOK INSIDE Safenet iKey 2032 In-depth Look Inside. By IOActive. Chances are you have probably seen one of these little USB based tokens made from Safenet, Inc. The one we opened was in a blue shell. Safekey says, iKey 2032 is a compact, two-factor authentication token that provides client security for network authentication, e-mail encryption, anddigital
ARE YOU TRADING STOCKS SECURELY? EXPOSING SECURITY FLAWS This blog post contains a small portion of the entire analysis. Please refer to the white paper. Disclaimer Most of the testing was performed using paper money (demo accounts) provided online by the brokerage houses. Only a few accounts were funded with real money for testing purposes. In the case of commercial platforms, the free trials provided by the brokers were used. Only end-user BREAKING INTO AND REVERSE ENGINEERING IOS PHOTO VAULTS Breaking into and Reverse Engineering iOS Photo Vaults. By Michael Allen. Every so often we hear stories of people losing their mobile phones, often with sensitive photos on them. Additionally, people may lend their phones to friends only to have those friends start going through their photos. For whatever reason, a lot of people storerisqué
HACKING THE JAVA DEBUG WIRE PROTOCOL This is the story of how I came across an interesting protocol during a recent code review engagement for IOActive and turned it into a reliable way to execute remote code. In this post, I will explain the Java Debug Wire Protocol (JDWP) and why it is interesting from a penetration tester’s point of view. I will cover some JDWP internals and how to use them to perform code execution IOACTIVE DISCOVERS IN-FLIGHT ENTERTAINMENT SYSTEM Seattle, WA – December 20, 2016 – IOActive, Inc., the worldwide leader in research-driven security services, today released research detailing several cybersecurity vulnerabilities found in Panasonic Avionics In-Flight Entertainment (IFE) systems used by a number of major airlines including United, Virgin, American Airlines, Emirates, AirFrance, Singapore, and Qatar, among others. The A WAKE-UP CALL FOR SATCOM SECURITY A Wake-up Call for SATCOM Security. During the last few months we have witnessed a series of events that will probably be seen as a tipping point in the public’s opinion about the importance of, and need for, security. The revelations of Edward Snowden have served to confirm some theories and shed light on surveillance technologies that were SYMANTEC WHITE PAPER Figure 2- Examples of data sets ideal for protection with VML technology Automated, Zero-day Protection for Data Vector Machine Learning has specific advantages that complement existing describing and fingerprinting technologies, IOACTIVE | RESEARCH-FUELED SECURITY SERVICESBLOGSCONTACT USSERVICESINDUSTRIESCAREERSWHO WE ARE IOActive approaches security from the attacker’s mindset. Whether infiltrating software, hardware, networks or human resources, our consultants uncover the weaknesses in your operations. We combine the latest security research with our time-tested techniques to provide critical security services, as penetration testing and red teamservices
ARE YOU TRADING STOCKS SECURELY? EXPOSING SECURITY FLAWS This blog post contains a small portion of the entire analysis. Please refer to the white paper. Disclaimer Most of the testing was performed using paper money (demo accounts) provided online by the brokerage houses. Only a few accounts were funded with real money for testing purposes. In the case of commercial platforms, the free trials provided by the brokers were used. Only end-user IOACTIVE DISCOVERS IN-FLIGHT ENTERTAINMENT SYSTEM Seattle, WA – December 20, 2016 – IOActive, Inc., the worldwide leader in research-driven security services, today released research detailing several cybersecurity vulnerabilities found in Panasonic Avionics In-Flight Entertainment (IFE) systems used by a number of major airlines including United, Virgin, American Airlines, Emirates, AirFrance, Singapore, and Qatar, among others. The HACKING ROBOTS BEFORE SKYNET Hacking Robots Before Skynet. By Cesar Cerrudo & Lucas Apa. Robots are going mainstream in both private and public sectors – on military missions, performing surgery, building skyscrapers, assisting customers at stores, as healthcare attendants, as business assistants, and interacting closely with our families in a myriad of ways. A REVERSE ENGINEER’S PERSPECTIVE ON THE BOEING 787 ‘51BOEING 787 DREAMLINERBOEING 787 DREAMLINER INTERIORBOEING 787 JETBOEING 787 NEWSBOEING 787 SPECSBOEING 787 WIKI A Reverse Engineer’s Perspective on the Boeing 787 ‘51 days’ Airworthiness Directive. Several weeks ago, international regulators announced that they were ordering Boeing 787 operators to completely shut down the plane’s electrical power whenever it had been running for 51 days without interruption. 1 The FAA published an airworthiness CLOUD SECURITY THROUGH THREAT MODELING Cloud Security Through Threat Modeling Robert M. Zigweid Director of Services for IOActive 1 BREAKING INTO AND REVERSE ENGINEERING IOS PHOTO VAULTS Breaking into and Reverse Engineering iOS Photo Vaults. By Michael Allen. Every so often we hear stories of people losing their mobile phones, often with sensitive photos on them. Additionally, people may lend their phones to friends only to have those friends start going through their photos. For whatever reason, a lot of people storerisqué
A WAKE-UP CALL FOR SATCOM SECURITY A Wake-up Call for SATCOM Security. During the last few months we have witnessed a series of events that will probably be seen as a tipping point in the public’s opinion about the importance of, and need for, security. The revelations of Edward Snowden have served to confirm some theories and shed light on surveillance technologies that were SMART CITIES CYBER SECURITY WORRIES Smart Cities Cyber Security Worries CYBER ATTACKS AND THREATS Devices were found without encrypting communications allowing attackers to change tra c lights. SMART TRAFFIC CONTROL IOACTIVE PEN-TESTING PROTECTION PROGRAM IOActive Pen-Testing Protection Program (IOA-PPP) IOActive knows very well the challenges many businesses face even during the best economic conditions. These challenges are magnified in an impaired economy as we face the impacts of coronavirus and the associated lockdowns. IOActive has over twenty-plus years experience supporting the most IOACTIVE | RESEARCH-FUELED SECURITY SERVICESBLOGSCONTACT USSERVICESINDUSTRIESCAREERSWHO WE ARE IOActive approaches security from the attacker’s mindset. Whether infiltrating software, hardware, networks or human resources, our consultants uncover the weaknesses in your operations. We combine the latest security research with our time-tested techniques to provide critical security services, as penetration testing and red teamservices
ARE YOU TRADING STOCKS SECURELY? EXPOSING SECURITY FLAWS This blog post contains a small portion of the entire analysis. Please refer to the white paper. Disclaimer Most of the testing was performed using paper money (demo accounts) provided online by the brokerage houses. Only a few accounts were funded with real money for testing purposes. In the case of commercial platforms, the free trials provided by the brokers were used. Only end-user IOACTIVE DISCOVERS IN-FLIGHT ENTERTAINMENT SYSTEM Seattle, WA – December 20, 2016 – IOActive, Inc., the worldwide leader in research-driven security services, today released research detailing several cybersecurity vulnerabilities found in Panasonic Avionics In-Flight Entertainment (IFE) systems used by a number of major airlines including United, Virgin, American Airlines, Emirates, AirFrance, Singapore, and Qatar, among others. The HACKING ROBOTS BEFORE SKYNET Hacking Robots Before Skynet. By Cesar Cerrudo & Lucas Apa. Robots are going mainstream in both private and public sectors – on military missions, performing surgery, building skyscrapers, assisting customers at stores, as healthcare attendants, as business assistants, and interacting closely with our families in a myriad of ways. A REVERSE ENGINEER’S PERSPECTIVE ON THE BOEING 787 ‘51BOEING 787 DREAMLINERBOEING 787 DREAMLINER INTERIORBOEING 787 JETBOEING 787 NEWSBOEING 787 SPECSBOEING 787 WIKI A Reverse Engineer’s Perspective on the Boeing 787 ‘51 days’ Airworthiness Directive. Several weeks ago, international regulators announced that they were ordering Boeing 787 operators to completely shut down the plane’s electrical power whenever it had been running for 51 days without interruption. 1 The FAA published an airworthiness CLOUD SECURITY THROUGH THREAT MODELING Cloud Security Through Threat Modeling Robert M. Zigweid Director of Services for IOActive 1 BREAKING INTO AND REVERSE ENGINEERING IOS PHOTO VAULTS Breaking into and Reverse Engineering iOS Photo Vaults. By Michael Allen. Every so often we hear stories of people losing their mobile phones, often with sensitive photos on them. Additionally, people may lend their phones to friends only to have those friends start going through their photos. For whatever reason, a lot of people storerisqué
A WAKE-UP CALL FOR SATCOM SECURITY A Wake-up Call for SATCOM Security. During the last few months we have witnessed a series of events that will probably be seen as a tipping point in the public’s opinion about the importance of, and need for, security. The revelations of Edward Snowden have served to confirm some theories and shed light on surveillance technologies that were SMART CITIES CYBER SECURITY WORRIES Smart Cities Cyber Security Worries CYBER ATTACKS AND THREATS Devices were found without encrypting communications allowing attackers to change tra c lights. SMART TRAFFIC CONTROL IOACTIVE PEN-TESTING PROTECTION PROGRAM IOActive Pen-Testing Protection Program (IOA-PPP) IOActive knows very well the challenges many businesses face even during the best economic conditions. These challenges are magnified in an impaired economy as we face the impacts of coronavirus and the associated lockdowns. IOActive has over twenty-plus years experience supporting the most WHO WE ARE | IOACTIVE Driven by uncompromising integrity, fierce passion, and relentless creativity, IOActive has been helping to secure the world since 1998. Our unique “attacker’s perspective” is trusted by the Global 1000 to tackle some of their most complex security challenges. Understanding that the most dangerous threats – and the mostinnovative ideas
TEAM | IOACTIVE
Cesar Cerrudo. Chief Technology Officer. As CTO for IOActive Labs, Cesar Cerrudo leads the team in producing ongoing, cutting-edge research. Cesar manages IOActive’s responsible disclosure process and is the main liaison between IOActive and CERT. Read full bio. CONTACT US | IOACTIVE United Kingdom. 120 Charing Cross Road, 5th Floor London WC2H 0JR. Toll free 44 800 030 4911. Phone 44 20 7240 5223. Get Directions. IN FLIGHT HACKING SYSTEM In-flight entertainment systems may be an attack vector. In some scenarios such an attack would be physically impossible due to the isolation of these systems, while in others an attack remains theoretically feasible due to the physical connectivity. IOActive has successfully compromised other electronic gateway modules in non-airborne vehicles. EASY SSL CERTIFICATE TESTING A simple way to test in this mode is to configure the browser proxy and navigate to a target domain. For example, the next command will start the proxy mode on port 9090 and will monitor requests to www.ioactive.com: C:\CertSlayerCertSlayer>python CertSlayer.py -d www.ioactive.com -m proxy IOACTIVE DISCOVERS IN-FLIGHT ENTERTAINMENT SYSTEM Seattle, WA – December 20, 2016 – IOActive, Inc., the worldwide leader in research-driven security services, today released research detailing several cybersecurity vulnerabilities found in Panasonic Avionics In-Flight Entertainment (IFE) systems used by a number of major airlines including United, Virgin, American Airlines, Emirates, AirFrance, Singapore, and Qatar, among others. The HACKING THE JAVA DEBUG WIRE PROTOCOL This is the story of how I came across an interesting protocol during a recent code review engagement for IOActive and turned it into a reliable way to execute remote code. In this post, I will explain the Java Debug Wire Protocol (JDWP) and why it is interesting from a penetration tester’s point of view. I will cover some JDWP internals and how to use them to perform code execution A WAKE-UP CALL FOR SATCOM SECURITY A Wake-up Call for SATCOM Security. During the last few months we have witnessed a series of events that will probably be seen as a tipping point in the public’s opinion about the importance of, and need for, security. The revelations of Edward Snowden have served to confirm some theories and shed light on surveillance technologies that were IOACTIVE PEN-TESTING PROTECTION PROGRAM IOActive Pen-Testing Protection Program (IOA-PPP) IOActive knows very well the challenges many businesses face even during the best economic conditions. These challenges are magnified in an impaired economy as we face the impacts of coronavirus and the associated lockdowns. IOActive has over twenty-plus years experience supporting the most SAFENET IKEY 2032 IN-DEPTH LOOK INSIDE Safenet iKey 2032 In-depth Look Inside. By IOActive. Chances are you have probably seen one of these little USB based tokens made from Safenet, Inc. The one we opened was in a blue shell. Safekey says, iKey 2032 is a compact, two-factor authentication token that provides client security for network authentication, e-mail encryption, anddigital
IOACTIVE | RESEARCH-FUELED SECURITY SERVICESBLOGSCONTACT USSERVICESINDUSTRIESCAREERSWHO WE ARE IOActive approaches security from the attacker’s mindset. Whether infiltrating software, hardware, networks or human resources, our consultants uncover the weaknesses in your operations. We combine the latest security research with our time-tested techniques to provide critical security services, as penetration testing and red teamservices
ARE YOU TRADING STOCKS SECURELY? EXPOSING SECURITY FLAWS This blog post contains a small portion of the entire analysis. Please refer to the white paper. Disclaimer Most of the testing was performed using paper money (demo accounts) provided online by the brokerage houses. Only a few accounts were funded with real money for testing purposes. In the case of commercial platforms, the free trials provided by the brokers were used. Only end-user IOACTIVE DISCOVERS IN-FLIGHT ENTERTAINMENT SYSTEM Seattle, WA – December 20, 2016 – IOActive, Inc., the worldwide leader in research-driven security services, today released research detailing several cybersecurity vulnerabilities found in Panasonic Avionics In-Flight Entertainment (IFE) systems used by a number of major airlines including United, Virgin, American Airlines, Emirates, AirFrance, Singapore, and Qatar, among others. The HACKING ROBOTS BEFORE SKYNET Hacking Robots Before Skynet. By Cesar Cerrudo & Lucas Apa. Robots are going mainstream in both private and public sectors – on military missions, performing surgery, building skyscrapers, assisting customers at stores, as healthcare attendants, as business assistants, and interacting closely with our families in a myriad of ways. A REVERSE ENGINEER’S PERSPECTIVE ON THE BOEING 787 ‘51BOEING 787 DREAMLINERBOEING 787 DREAMLINER INTERIORBOEING 787 JETBOEING 787 NEWSBOEING 787 SPECSBOEING 787 WIKI A Reverse Engineer’s Perspective on the Boeing 787 ‘51 days’ Airworthiness Directive. Several weeks ago, international regulators announced that they were ordering Boeing 787 operators to completely shut down the plane’s electrical power whenever it had been running for 51 days without interruption. 1 The FAA published an airworthiness CLOUD SECURITY THROUGH THREAT MODELING Cloud Security Through Threat Modeling Robert M. Zigweid Director of Services for IOActive 1 BREAKING INTO AND REVERSE ENGINEERING IOS PHOTO VAULTS Breaking into and Reverse Engineering iOS Photo Vaults. By Michael Allen. Every so often we hear stories of people losing their mobile phones, often with sensitive photos on them. Additionally, people may lend their phones to friends only to have those friends start going through their photos. For whatever reason, a lot of people storerisqué
A WAKE-UP CALL FOR SATCOM SECURITY A Wake-up Call for SATCOM Security. During the last few months we have witnessed a series of events that will probably be seen as a tipping point in the public’s opinion about the importance of, and need for, security. The revelations of Edward Snowden have served to confirm some theories and shed light on surveillance technologies that were SMART CITIES CYBER SECURITY WORRIES Smart Cities Cyber Security Worries CYBER ATTACKS AND THREATS Devices were found without encrypting communications allowing attackers to change tra c lights. SMART TRAFFIC CONTROL IOACTIVE PEN-TESTING PROTECTION PROGRAM IOActive Pen-Testing Protection Program (IOA-PPP) IOActive knows very well the challenges many businesses face even during the best economic conditions. These challenges are magnified in an impaired economy as we face the impacts of coronavirus and the associated lockdowns. IOActive has over twenty-plus years experience supporting the most IOACTIVE | RESEARCH-FUELED SECURITY SERVICESBLOGSCONTACT USSERVICESINDUSTRIESCAREERSWHO WE ARE IOActive approaches security from the attacker’s mindset. Whether infiltrating software, hardware, networks or human resources, our consultants uncover the weaknesses in your operations. We combine the latest security research with our time-tested techniques to provide critical security services, as penetration testing and red teamservices
ARE YOU TRADING STOCKS SECURELY? EXPOSING SECURITY FLAWS This blog post contains a small portion of the entire analysis. Please refer to the white paper. Disclaimer Most of the testing was performed using paper money (demo accounts) provided online by the brokerage houses. Only a few accounts were funded with real money for testing purposes. In the case of commercial platforms, the free trials provided by the brokers were used. Only end-user IOACTIVE DISCOVERS IN-FLIGHT ENTERTAINMENT SYSTEM Seattle, WA – December 20, 2016 – IOActive, Inc., the worldwide leader in research-driven security services, today released research detailing several cybersecurity vulnerabilities found in Panasonic Avionics In-Flight Entertainment (IFE) systems used by a number of major airlines including United, Virgin, American Airlines, Emirates, AirFrance, Singapore, and Qatar, among others. The HACKING ROBOTS BEFORE SKYNET Hacking Robots Before Skynet. By Cesar Cerrudo & Lucas Apa. Robots are going mainstream in both private and public sectors – on military missions, performing surgery, building skyscrapers, assisting customers at stores, as healthcare attendants, as business assistants, and interacting closely with our families in a myriad of ways. A REVERSE ENGINEER’S PERSPECTIVE ON THE BOEING 787 ‘51BOEING 787 DREAMLINERBOEING 787 DREAMLINER INTERIORBOEING 787 JETBOEING 787 NEWSBOEING 787 SPECSBOEING 787 WIKI A Reverse Engineer’s Perspective on the Boeing 787 ‘51 days’ Airworthiness Directive. Several weeks ago, international regulators announced that they were ordering Boeing 787 operators to completely shut down the plane’s electrical power whenever it had been running for 51 days without interruption. 1 The FAA published an airworthiness CLOUD SECURITY THROUGH THREAT MODELING Cloud Security Through Threat Modeling Robert M. Zigweid Director of Services for IOActive 1 BREAKING INTO AND REVERSE ENGINEERING IOS PHOTO VAULTS Breaking into and Reverse Engineering iOS Photo Vaults. By Michael Allen. Every so often we hear stories of people losing their mobile phones, often with sensitive photos on them. Additionally, people may lend their phones to friends only to have those friends start going through their photos. For whatever reason, a lot of people storerisqué
A WAKE-UP CALL FOR SATCOM SECURITY A Wake-up Call for SATCOM Security. During the last few months we have witnessed a series of events that will probably be seen as a tipping point in the public’s opinion about the importance of, and need for, security. The revelations of Edward Snowden have served to confirm some theories and shed light on surveillance technologies that were SMART CITIES CYBER SECURITY WORRIES Smart Cities Cyber Security Worries CYBER ATTACKS AND THREATS Devices were found without encrypting communications allowing attackers to change tra c lights. SMART TRAFFIC CONTROL IOACTIVE PEN-TESTING PROTECTION PROGRAM IOActive Pen-Testing Protection Program (IOA-PPP) IOActive knows very well the challenges many businesses face even during the best economic conditions. These challenges are magnified in an impaired economy as we face the impacts of coronavirus and the associated lockdowns. IOActive has over twenty-plus years experience supporting the most WHO WE ARE | IOACTIVE Driven by uncompromising integrity, fierce passion, and relentless creativity, IOActive has been helping to secure the world since 1998. Our unique “attacker’s perspective” is trusted by the Global 1000 to tackle some of their most complex security challenges. Understanding that the most dangerous threats – and the mostinnovative ideas
TEAM | IOACTIVE
Cesar Cerrudo. Chief Technology Officer. As CTO for IOActive Labs, Cesar Cerrudo leads the team in producing ongoing, cutting-edge research. Cesar manages IOActive’s responsible disclosure process and is the main liaison between IOActive and CERT. Read full bio. CONTACT US | IOACTIVE United Kingdom. 120 Charing Cross Road, 5th Floor London WC2H 0JR. Toll free 44 800 030 4911. Phone 44 20 7240 5223. Get Directions. IN FLIGHT HACKING SYSTEM In-flight entertainment systems may be an attack vector. In some scenarios such an attack would be physically impossible due to the isolation of these systems, while in others an attack remains theoretically feasible due to the physical connectivity. IOActive has successfully compromised other electronic gateway modules in non-airborne vehicles. EASY SSL CERTIFICATE TESTING A simple way to test in this mode is to configure the browser proxy and navigate to a target domain. For example, the next command will start the proxy mode on port 9090 and will monitor requests to www.ioactive.com: C:\CertSlayerCertSlayer>python CertSlayer.py -d www.ioactive.com -m proxy IOACTIVE DISCOVERS IN-FLIGHT ENTERTAINMENT SYSTEM Seattle, WA – December 20, 2016 – IOActive, Inc., the worldwide leader in research-driven security services, today released research detailing several cybersecurity vulnerabilities found in Panasonic Avionics In-Flight Entertainment (IFE) systems used by a number of major airlines including United, Virgin, American Airlines, Emirates, AirFrance, Singapore, and Qatar, among others. The HACKING THE JAVA DEBUG WIRE PROTOCOL This is the story of how I came across an interesting protocol during a recent code review engagement for IOActive and turned it into a reliable way to execute remote code. In this post, I will explain the Java Debug Wire Protocol (JDWP) and why it is interesting from a penetration tester’s point of view. I will cover some JDWP internals and how to use them to perform code execution A WAKE-UP CALL FOR SATCOM SECURITY A Wake-up Call for SATCOM Security. During the last few months we have witnessed a series of events that will probably be seen as a tipping point in the public’s opinion about the importance of, and need for, security. The revelations of Edward Snowden have served to confirm some theories and shed light on surveillance technologies that were IOACTIVE PEN-TESTING PROTECTION PROGRAM IOActive Pen-Testing Protection Program (IOA-PPP) IOActive knows very well the challenges many businesses face even during the best economic conditions. These challenges are magnified in an impaired economy as we face the impacts of coronavirus and the associated lockdowns. IOActive has over twenty-plus years experience supporting the most SAFENET IKEY 2032 IN-DEPTH LOOK INSIDE Safenet iKey 2032 In-depth Look Inside. By IOActive. Chances are you have probably seen one of these little USB based tokens made from Safenet, Inc. The one we opened was in a blue shell. Safekey says, iKey 2032 is a compact, two-factor authentication token that provides client security for network authentication, e-mail encryption, anddigital
IOACTIVE | RESEARCH-FUELED SECURITY SERVICESBLOGSCONTACT USSERVICESINDUSTRIESCAREERSWHO WE ARE IOActive approaches security from the attacker’s mindset. Whether infiltrating software, hardware, networks or human resources, our consultants uncover the weaknesses in your operations. We combine the latest security research with our time-tested techniques to provide critical security services, as penetration testing and red teamservices
ARE YOU TRADING STOCKS SECURELY? EXPOSING SECURITY FLAWS This blog post contains a small portion of the entire analysis. Please refer to the white paper. Disclaimer Most of the testing was performed using paper money (demo accounts) provided online by the brokerage houses. Only a few accounts were funded with real money for testing purposes. In the case of commercial platforms, the free trials provided by the brokers were used. Only end-user IOACTIVE DISCOVERS IN-FLIGHT ENTERTAINMENT SYSTEM Seattle, WA – December 20, 2016 – IOActive, Inc., the worldwide leader in research-driven security services, today released research detailing several cybersecurity vulnerabilities found in Panasonic Avionics In-Flight Entertainment (IFE) systems used by a number of major airlines including United, Virgin, American Airlines, Emirates, AirFrance, Singapore, and Qatar, among others. The EASY SSL CERTIFICATE TESTING A simple way to test in this mode is to configure the browser proxy and navigate to a target domain. For example, the next command will start the proxy mode on port 9090 and will monitor requests to www.ioactive.com: C:\CertSlayerCertSlayer>python CertSlayer.py -d www.ioactive.com -m proxy A REVERSE ENGINEER’S PERSPECTIVE ON THE BOEING 787 ‘51BOEING 787 DREAMLINERBOEING 787 DREAMLINER INTERIORBOEING 787 JETBOEING 787 NEWSBOEING 787 SPECSBOEING 787 WIKI A Reverse Engineer’s Perspective on the Boeing 787 ‘51 days’ Airworthiness Directive. Several weeks ago, international regulators announced that they were ordering Boeing 787 operators to completely shut down the plane’s electrical power whenever it had been running for 51 days without interruption. 1 The FAA published an airworthiness CLOUD SECURITY THROUGH THREAT MODELING Cloud Security Through Threat Modeling Robert M. Zigweid Director of Services for IOActive 1 HACKING ROBOTS BEFORE SKYNET Hacking Robots Before Skynet. By Cesar Cerrudo & Lucas Apa. Robots are going mainstream in both private and public sectors – on military missions, performing surgery, building skyscrapers, assisting customers at stores, as healthcare attendants, as business assistants, and interacting closely with our families in a myriad of ways. A WAKE-UP CALL FOR SATCOM SECURITY A Wake-up Call for SATCOM Security. During the last few months we have witnessed a series of events that will probably be seen as a tipping point in the public’s opinion about the importance of, and need for, security. The revelations of Edward Snowden have served to confirm some theories and shed light on surveillance technologies that were SMART CITIES CYBER SECURITY WORRIES Smart Cities Cyber Security Worries CYBER ATTACKS AND THREATS Devices were found without encrypting communications allowing attackers to change tra c lights. SMART TRAFFIC CONTROL IOACTIVE PEN-TESTING PROTECTION PROGRAM IOActive Pen-Testing Protection Program (IOA-PPP) IOActive knows very well the challenges many businesses face even during the best economic conditions. These challenges are magnified in an impaired economy as we face the impacts of coronavirus and the associated lockdowns. IOActive has over twenty-plus years experience supporting the most IOACTIVE | RESEARCH-FUELED SECURITY SERVICESBLOGSCONTACT USSERVICESINDUSTRIESCAREERSWHO WE ARE IOActive approaches security from the attacker’s mindset. Whether infiltrating software, hardware, networks or human resources, our consultants uncover the weaknesses in your operations. We combine the latest security research with our time-tested techniques to provide critical security services, as penetration testing and red teamservices
ARE YOU TRADING STOCKS SECURELY? EXPOSING SECURITY FLAWS This blog post contains a small portion of the entire analysis. Please refer to the white paper. Disclaimer Most of the testing was performed using paper money (demo accounts) provided online by the brokerage houses. Only a few accounts were funded with real money for testing purposes. In the case of commercial platforms, the free trials provided by the brokers were used. Only end-user IOACTIVE DISCOVERS IN-FLIGHT ENTERTAINMENT SYSTEM Seattle, WA – December 20, 2016 – IOActive, Inc., the worldwide leader in research-driven security services, today released research detailing several cybersecurity vulnerabilities found in Panasonic Avionics In-Flight Entertainment (IFE) systems used by a number of major airlines including United, Virgin, American Airlines, Emirates, AirFrance, Singapore, and Qatar, among others. The EASY SSL CERTIFICATE TESTING A simple way to test in this mode is to configure the browser proxy and navigate to a target domain. For example, the next command will start the proxy mode on port 9090 and will monitor requests to www.ioactive.com: C:\CertSlayerCertSlayer>python CertSlayer.py -d www.ioactive.com -m proxy A REVERSE ENGINEER’S PERSPECTIVE ON THE BOEING 787 ‘51BOEING 787 DREAMLINERBOEING 787 DREAMLINER INTERIORBOEING 787 JETBOEING 787 NEWSBOEING 787 SPECSBOEING 787 WIKI A Reverse Engineer’s Perspective on the Boeing 787 ‘51 days’ Airworthiness Directive. Several weeks ago, international regulators announced that they were ordering Boeing 787 operators to completely shut down the plane’s electrical power whenever it had been running for 51 days without interruption. 1 The FAA published an airworthiness CLOUD SECURITY THROUGH THREAT MODELING Cloud Security Through Threat Modeling Robert M. Zigweid Director of Services for IOActive 1 HACKING ROBOTS BEFORE SKYNET Hacking Robots Before Skynet. By Cesar Cerrudo & Lucas Apa. Robots are going mainstream in both private and public sectors – on military missions, performing surgery, building skyscrapers, assisting customers at stores, as healthcare attendants, as business assistants, and interacting closely with our families in a myriad of ways. A WAKE-UP CALL FOR SATCOM SECURITY A Wake-up Call for SATCOM Security. During the last few months we have witnessed a series of events that will probably be seen as a tipping point in the public’s opinion about the importance of, and need for, security. The revelations of Edward Snowden have served to confirm some theories and shed light on surveillance technologies that were SMART CITIES CYBER SECURITY WORRIES Smart Cities Cyber Security Worries CYBER ATTACKS AND THREATS Devices were found without encrypting communications allowing attackers to change tra c lights. SMART TRAFFIC CONTROL IOACTIVE PEN-TESTING PROTECTION PROGRAM IOActive Pen-Testing Protection Program (IOA-PPP) IOActive knows very well the challenges many businesses face even during the best economic conditions. These challenges are magnified in an impaired economy as we face the impacts of coronavirus and the associated lockdowns. IOActive has over twenty-plus years experience supporting the most WHO WE ARE | IOACTIVE Driven by uncompromising integrity, fierce passion, and relentless creativity, IOActive has been helping to secure the world since 1998. Our unique “attacker’s perspective” is trusted by the Global 1000 to tackle some of their most complex security challenges. Understanding that the most dangerous threats – and the mostinnovative ideas
TEAM | IOACTIVE
Cesar Cerrudo. Chief Technology Officer. As CTO for IOActive Labs, Cesar Cerrudo leads the team in producing ongoing, cutting-edge research. Cesar manages IOActive’s responsible disclosure process and is the main liaison between IOActive and CERT. Read full bio. CONTACT US | IOACTIVE United Kingdom. 120 Charing Cross Road, 5th Floor London WC2H 0JR. Toll free 44 800 030 4911. Phone 44 20 7240 5223. Get Directions. IN FLIGHT HACKING SYSTEM In-flight entertainment systems may be an attack vector. In some scenarios such an attack would be physically impossible due to the isolation of these systems, while in others an attack remains theoretically feasible due to the physical connectivity. IOActive has successfully compromised other electronic gateway modules in non-airborne vehicles. EASY SSL CERTIFICATE TESTING A simple way to test in this mode is to configure the browser proxy and navigate to a target domain. For example, the next command will start the proxy mode on port 9090 and will monitor requests to www.ioactive.com: C:\CertSlayerCertSlayer>python CertSlayer.py -d www.ioactive.com -m proxy IOACTIVE DISCOVERS IN-FLIGHT ENTERTAINMENT SYSTEM Seattle, WA – December 20, 2016 – IOActive, Inc., the worldwide leader in research-driven security services, today released research detailing several cybersecurity vulnerabilities found in Panasonic Avionics In-Flight Entertainment (IFE) systems used by a number of major airlines including United, Virgin, American Airlines, Emirates, AirFrance, Singapore, and Qatar, among others. The HACKING THE JAVA DEBUG WIRE PROTOCOL This is the story of how I came across an interesting protocol during a recent code review engagement for IOActive and turned it into a reliable way to execute remote code. In this post, I will explain the Java Debug Wire Protocol (JDWP) and why it is interesting from a penetration tester’s point of view. I will cover some JDWP internals and how to use them to perform code execution A WAKE-UP CALL FOR SATCOM SECURITY A Wake-up Call for SATCOM Security. During the last few months we have witnessed a series of events that will probably be seen as a tipping point in the public’s opinion about the importance of, and need for, security. The revelations of Edward Snowden have served to confirm some theories and shed light on surveillance technologies that were IOACTIVE PEN-TESTING PROTECTION PROGRAM IOActive Pen-Testing Protection Program (IOA-PPP) IOActive knows very well the challenges many businesses face even during the best economic conditions. These challenges are magnified in an impaired economy as we face the impacts of coronavirus and the associated lockdowns. IOActive has over twenty-plus years experience supporting the most SAFENET IKEY 2032 IN-DEPTH LOOK INSIDE Safenet iKey 2032 In-depth Look Inside. By IOActive. Chances are you have probably seen one of these little USB based tokens made from Safenet, Inc. The one we opened was in a blue shell. Safekey says, iKey 2032 is a compact, two-factor authentication token that provides client security for network authentication, e-mail encryption, anddigital
* BLOGS
* CONTACT US
__ __
__
* SERVICES
* FULL STACK SECURITY ASSESSMENTS * SECURE DEVELOPMENT LIFECYCLE * RED TEAM AND PURPLE TEAM SERVICES* ADVISORY SERVICES
* TRAINING
* INDUSTRIES
* CRITICAL INFRASTRUCTURE* ENERGY
* FINANCIAL SERVICES* HEALTHCARE
* MANUFACTURING
* MEDIA & ENTERTAINMENT * RETAIL & CONSUMER PRODUCTS* TECHNOLOGY
* TELECOMMUNICATIONS* TRANSPORTATION
* RESOURCES
* BLOGS
* DISCLOSURES
* LIBRARY
* CAREERS
* WHO WE ARE
* TEAM
* EVENTS
* PRESS
* PHILANTHROPY
* SERVICES
* FULL STACK SECURITY ASSESSMENTS * SECURE DEVELOPMENT LIFECYCLE * RED TEAM AND PURPLE TEAM SERVICES* ADVISORY SERVICES
* TRAINING
* INDUSTRIES
* CRITICAL INFRASTRUCTURE* ENERGY
* FINANCIAL SERVICES* HEALTHCARE
* MANUFACTURING
* MEDIA & ENTERTAINMENT * RETAIL & CONSUMER PRODUCTS* TECHNOLOGY
* TELECOMMUNICATIONS* TRANSPORTATION
* RESOURCES
* BLOGS
* DISCLOSURES
* LIBRARY
* CAREERS
* WHO WE ARE
* TEAM
* EVENTS
* PRESS
* PHILANTHROPY
RESEARCH-FUELED SECURITY SERVICES Connect with a Security ExpertThe Latest
Events
Hardwear.io Security Training and Conference | USA 2021 | Andrew Zonenberg presentingResearch
Intel-commissioned whitepaper from IOActive Research: Cross-PlatformFeature Comparison
Other
IOActive archived webinars available for immediate access: AppSec, Breaking BLE series, Critical Infrastructure, Red/Purple Team, SecureDesign series, more
Research
Advisory | Microsoft Bluetooth Driver Spoofing Vulnerability |Nathaniel Theis
Blog
Trivial Vulnerabilities, Serious Risks | Tiago Assumpcao, RobertConnolly
Blog
IOActive Labs | A Practical Approach to Attacking IoT Embedded Designs Pt 2 | Ruben SantamartaBlog
IOActive Labs | Probing and Signal Integrity Fundamentals for the Hardware Hacker, Pt 2: Transmission Lines, Impedance, and Stubs |Andrew Zonenberg
Research
IOActive Security Advisory - Vulnerabilities found in the Brazilian CNJ PJe update systemBlog
IOActive Labs | A Practical Approach To Attacking IoT Embedded Designs Pt1 | Ruben SantamartaBlog
IOActive Labs | Probing and Signal Integrity Fundamentals for the Hardware Hacker Pt 1 | Andrew ZonenbergBlog
IOActive Labs | Warcodes II – The Desko Case | Ruben SantamartaBlog
IOActive Labs | TAPing the Stack for Fun and Profit: Shelling Embedded Linux Devices via JTAG | Ethan ShackelfordBlog
IOActive Guest Blog | Hiding in the Noise | Corey ThuenBlog
IOActive Guest Blog | Low-hanging Secrets in Docker Hub and a Tool to Catch Them All | Matias SequeiraBlog
CVE-2020-16877: Exploiting Microsoft Store Games | Donato FerranteBlog
Cybersecurity Vigilance for a Historic Election | Matt RahmanBlog
IOActive Labs | A journey into defeating regulated electronic cigarette protections | Ehab HussseinBlog
IOActive Labs | Password Cracking: Some Further Techniques | JaimeRiden
Blog
IOActive Guest Blog | Urban Jonson, Heavy Vehicle Cyber SecurityProgram, NMFTA
Blog
IOActive Labs | Uncovering Unencrypted Car Data in BMW Connected App |Alejandro Hernandez
Blog
Introduction to the IOActive Labs Blog | John SheehyBlog
Warcodes: Attacking ICS through industrial barcode scanners | RubenSantamarta
Press
IOActive Expands Secure Development Lifecycle Services with ContinuousPenetration Testing
SERVICES
IOActive approaches security from the attacker’s mindset. Whether infiltrating software, hardware, networks or human resources, our consultants uncover the weaknesses in your operations. We combine the latest security research with our time-tested techniques to provide critical security services, as penetration testing and red team services for the full stack, to meet your business goals and strengthen security resiliency. FULL STACK SECURITY ASSESSMENTSLearn More
SECURE DEVELOPMENT LIFECYCLELearn More
RED TEAM AND PURPLE TEAM SERVICESLearn More
ADVISORY SERVICES
Learn More
TRAINING
Learn More
IOActive Security Services IOActive Expands Secure Development Lifecycle Services with Continuous Penetration Testing New Service Model Designed to Enable Enterprise DevSecOps to Build a Robust Secure Development Lifecycleread more
Manufacturing
Transportation
Energy
INDUSTRIES
CRITICAL INFRASTRUCTUREENERGY
FINANCIAL SERVICES
HEALTHCARE
MANUFACTURING
MEDIA & ENTERTAINMENT RETAIL & CONSUMER PRODUCTSTECHNOLOGY
TELECOMMUNICATIONS
TRANSPORTATION
WE ARE A GLOBAL TEAM With operations and clients in six continents and more than 30 countries, we bring world-class services to your business andoperations
Learn More
EVENTS
Check our events calendar to find our team around the globe presenting at conferences, speaking on podcasts and webinars, moderating panels and hosting talks at an IOActive event near you. View the Full Events List5 July
VIRTUAL CONFERENCE
Hardwear.io Security Training and Conference | USA 2021virtual conference
5 July
SPEAKING ENGAGEMENT
Hardwear.io Security Training and Conference | USA 2021 | AndrewZonenberg
virtual conference
15 November
WORKSHOP
NMFTA - Heavy Vehicle Cybersecurity Workshop Alexandria, Virginia USAJOIN OUR TEAM
We thrive on outsmarting attackers and knowing our work keeps people and businesses safe. Share our mission? Join us!View Openings
__ __
__
* SERVICES
* Full Stack Security Assessments * Secure Development Lifecycle * Red and Purple Team Services* Advisory Services
* Training
* RESOURCES
* Blogs
* Disclosures
* Library
* IOActive Labs
* INDUSTRIES
* Critical Infrastructure* Energy
* Financial Services* Healthcare
* Manufacturing
* Media & Entertainment * Retail & Consumer Products* Technology
* Telecommunications* Transportation
* WHO WE ARE
* Team
* Philanthropy
* Press
* Events
* CAREERS
* CONTACT US
2021 IOActive Inc. All Rights Reserved.* Privacy Policy
* Terms of Use
* Disclosure Policy
By continuing to use the site, you agree to the use of cookies. moreinformation Accept
The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.Close
Details
1