This malware encrypts files with the AES algorithm, either fully or partially. The extension of the affected files changes to “.royal”. Find out more in this technical analysis of the Royal Ransomware from SecurityScorecard’s Senior Malware Analyst, Vlad…

After a while, I’m publishing a blog post which made me interested. With the recent tweets about the undocumented SystemFunction032 Win32 API function, I decided to quickly have a look at it.…

Leaked story timeline According to the timestamp of the github repository, an unidentified user uploaded the Insyde’s partial firmware solution (4.

Fuchsia is a general-purpose open-source operating system created by Google. It is based on the Zircon microkernel written in C++ and is currently under active development. The developers say that Fuchsia is designed with a focus on security, updatability…

In the past two years, Keen Security Lab did in-depth research on the security of Tesla Cars and presented our research results on Black Hat 2017 and Black Hat 2018. Our research involves many in-veh

Introduction Who are you? That’s a hard question to answer. Many philosophers have been fascinated with this question for years. Who are you in cyberspace? Your digital identity is comprised of...

This post attempts to illustrate email architecture
from a forensics perspective. It further describes techniques employed in email forensic analysis

A Technical Deep Dive on AWS KMS Key Access and AWS Key Grants.

By Felix Wilhelm, Project Zero Earlier this year, I discovered a surprising attack surface hidden deep inside Java’s standard library: A cus...

To see just how prevalent items of personal data are being listed on the dark web in 2022, and at what price, we went on a data-gathering mission.

Investigating Powercat Reverse Shell Activity OVERVIEW The primary objective of adversaries or attackers is to maintain persistence within the targeted infrastructure. To […]

By now you have likely already heard about the in-the-wild exploitation of Exchange Server, chaining CVE-2022-41040 and CVE-2022-41082. It was originally submitted to the ZDI program by the researcher known as “DA-0x43-Dx4-DA-Hx2-Tx2-TP-S-Q from GTSC”. After…

NorthSea's Blog

This series of blog posts aims to describe and explain the internals of a recent addition to Samsung's system-on-chips, namely their Neural Processing Unit. The first part digs into the internals of the NPU and the second one focuses on the exploitation of…

Welcome back to my blog. In this post, I’ll explain the REcollapse technique. I’ve been researching it for the last couple of years to discover weirdly simpl...

Vendor: NXP Semiconductors Vendor URL: Affected Devices: i.MX RT 101x, i.MX RT102x, i.MX RT1050/6x, i.MX 6 Family, i.MX 7 Family, i.MX8M Quad/Mini, Vybrid Author: Jon Szymaniak <jon.szymaniak(at…

Russian hackers are not always breaching targets from afar, typing on their keyboards in Moscow bunkers or St. Petersburg apartment buildings. Enter GRU Unit 26165, a military cyber unit with hackers operating remotely and on-site. Going forward, Western…