An introduction to firmware analysis
This talk by Stefan Widmann gives an introduction to firmware analysis: It starts with how to retrieve the binary, e.g. get a plain file from manufacturer, extract it from an …
The basics of digital wireless communication
The aim of this talk by Clemens Hopfer from the 30th Chaos Communication Congress is to give an understandable insight into wireless communication, using existing systems as …
Triggering deep vulnerabilities using symbolic execution
Symbolic Execution (SE) is a powerful way to analyze programs. Instead of using concrete data values SE uses symbolic values to evaluate a large set of parallel program paths …
Useful password hashing: How to waste computing cycles with style
Password-based authentication is widely used today, despite problems with security and usability. To control the negative effects of some of these problems, best practice …
Authentication using visual codes: what can go wrong
Several password replacement schemes have been suggested that use a visual code to log in. However the visual code can often be relayed, which opens up a major vulnerability. …
Building an OATH-compliant authentication server for less than $100
Using a Raspberry Pi nanocomputer and the multiOTP open source library, André Liechti showcases how to how to create an OATH-compliant authentication server at PasswordsCon …
Energy-efficient bcrypt cracking
Bcrypt is a password hashing scheme based on the Blowfish block cipher. It was designed to be resistant to brute force attacks and to remain secure despite of hardware …
Tales of passwords, cyber-criminals and daily used devices
Specific embedded devices are targeted by criminals in order to gain access or utilize for further attacks. Modems are attacked to change DNS-servers for advertising or …
The iCloud keychain and iOS 7 data protection
When Apple announced iOS 7, iCloud Keychain was one of its key features. It is no doubt great for usability, but what about security? What kind of access does Apple have to …
Verify your software for security bugs
Verification is an important phase of developing secure software that is not always addressed in depth that includes dynamic analysis and fuzzing testing. This step allows …
Documentary: Buying guns and drugs on the deep web
Motherboard used the deep web to find out just how easy it was to buy guns, drugs, and other contraband online. VICE Germany editor Tom Littlewood talks with cryptology …
Mikko Hypponen: How the NSA betrayed the world’s trust
Recent events have highlighted, underlined and bolded the fact that the United States is performing blanket surveillance on any foreigner whose data passes through an American …
Featured news
Resources
Don't miss
- Eyes, ears, and now arms: IoT is alive
- What’s worth automating in cyber hygiene, and what’s not
- Want faster products and stronger trust? Build security in, not bolt it on
- DDoS attacks jump 358% compared to last year
- Critical SAP NetWeaver flaw exploited by suspected initial access broker (CVE-2025-31324)