Unintended Consequences of Equation Group Malware

Deoxyribonucleic Acid, or DNA as it is commonly known, has been the gold standard in forensic evidence associated with convicting criminals or overturning convictions that did NOT have, at the time, conclusive DNA evidence. Frontline recently studied some of the...

New World Order – When Databases Collide

I recently learned that the Department of Homeland Security is soliciting bids from private companies to provide access to a database of license plate tracking. As usual, the devil is in the details. I want you to forget big brother for a minute. Stop imagining...

Random Solutions Are Often Good Enough

Hard Problems: As cybersecurity researchers, we deal with computationally hard problems all the time. Finding a hash collision… determining the user inputs that can assign a certain value to a tainted EIP… deciding whether a black-box binary is...

Physical Security Follow-up: These Locks Are Everywhere!

First of all, thanks for all of your positive feedback on our recent post on physical security. One of the comments we’ve received multiple times is that these types of locks and the practice of using mnemonics for their codes are primarily limited to government...

Exploiting Password Weaknesses in Physical Security

Digital spin locks like the Kaba Mas X-09 and X-10 are very common for high-security applications like vault doors. US General Services Administration approval means that they are nearly ubiquitous in securing government filing cabinets that contain documents that are...

PHDays CTF Quals 2014 Write-up: "turututu"

We are given a file, “task.exe,” and told that “smthg wrong with this env.”  Running `file` tells us that this is not an EXE at all: it is an x86_64 ELF.  We try to run it and quickly determine it expects a certain command-line...