Latest News
Read all latest blog posts
xz/liblzma Backdoor: Open Source Nuke? Maybe Not That Bad!
xz/liblzma Backdoor: Open Source Nuke? Maybe Not That Bad! Story Background On March 29, 2024, a report exposing a backdoor in the upstream source code of the controversial open-source project, the xz software package, was made public on the oss-security mailing list.
Read MoreThe exploit recon 'msg_msg' and its mitigation in VED
Why msg_msg? The size of structure is control by userspace Firstly, the length of the msg_msg struct can be indirectly controlled from userspace, which means that msg can overlap the cache of the specified types.
Read MoreThe below-OS for supply chain of critical infrastructure protection
Background The endless cyber “war” in the levels of OS
Read MoreWhat can we learn from leaked Insyde's BIOS for Intel Alder Lake
Leaked story timeline According to the timestamp of the github repository, an unidentified user uploaded the Insyde’s partial firmware solution (4.
Read MoreThe magic about how modern OS boot
Linux kernel Under x86/amd64 architecture, Linux kernel is usually packed into bzImage format, which contains a partially-filled data structure for boot parameter, and multiple entry points of stages for 16-bit real mode, 32-bit protected mode, and 64-bit long mode if built for amd64, the last stage is a self-decompressing flat binary, which will decompress and execute the gzip-compressed kernel image proper, also in the format of flat binary, stored in its data segment.
Read MoreTechnical analysis of syzkaller based fuzzers: It's not about VaultFuzzer!
0. VaultFuzzer S0rry, VaultFuzzer is not the main player today. We’re going have little ride with Harbian-QA and GREBE today.
Read MoreNext Generation Data Center Security: The Cornerstone of Web3?
0. Next generation data center What is the next generation data center?
Read MoreVaultBoot: Attestation as a Service
VaultBoot In the highest level of security profile (CRITICAL), the Vault 111 hardware node enables multi-trust anchors through the chip security features.
Read MoreVED (Vault Exploit Defense): Open source implementation
VED - Linux kernel threat detection and prevention system LKM version of VED goes public finally.
Read MoreTetragon: case study of security product's self-protection
Story background CTO of cloud-native security company Isovalent announced that their eBPF-based Security Observability and Runtime Enforcement solution Tetragon ( WayBackMachine 20220516 ) become open source after years of development in May 16 2022.
Read More