The Callisto Group is an advanced threat actor whose known targets include military personnel, government officials, think tanks, and journalists in Europe and the South Caucasus.
This whitepaper explores the tools - such as MiniDuke, CosmicDuke, OnionDuke, CozyDuke, etc. - of the Dukes, a well-resourced, highly dedicated and organized cyberespionage group that we believe has been working for the Russian Federation since…
VirtualBox is arguably one of the best examples of a target that accommodates novice vulnerability researchers.
Have you ever wanted to play with angr but found the barrier to entry too high? Or have you seen people do what may as well be straight-up magic using tools like Z3? This workshop…
This talk discussed the trials and tribulations of our Pwn2Own preparation this year for targeting Apple macOS Safari.
This whitepaper describes the vulnerabilities used for Desktop PWN2OWN 2018 and details of the exploits produced. These issues were tested against the latest release Safari (Version 11.0.3 13604.5.
James Loureiro and Alex Plaskett presented The Mate Escape - Huawei Pwn2Owning at Hacktivity 2018.
Oracle Endeca is used by a number of online retailers for implementing search functionality. This post introduces the concept of EQL injection attacks and how to defend against them.
Last year at CanSecWest, we celebrated the advantages of logic bugs over memory corruptions and showcased a nice and shiny bug in Chrome on Android from Mobile Pwn2Own 2016.
The attached document contains the vulnerabilities which were used for Mobile Pwn2Own 2017 (https://www.thezdi.com/blog/2017/11/2/the-results-mobile-pwn2own-2017-day-two) to compromise the Huawei Mate 9 Pro (LON-AL00 variant). The Huawei Reader issues were fixed within the patch: http://www.
As part of our preparation for Pwn2Own 2018 we started investigating WebAssembly (Wasm), as this feature is a relatively new component added to Safari, which was likely to have undergone less assurance than some of the…
Apple recently pushed some substantial heap hardening changes to the allocator used within WebKit and JavaScriptCore (JSC), luckily just after Pwn2Own, but in order to target Safari again next year these new hardening changes will need…