Latest News

Risk analysis of Log4Shell (CVE-2021-44228) and mitigation

Risk analysis of Log4Shell (CVE-2021-44228) and mitigation Log4Shell is a high impact exploitable bug in Java logging framework logj4.

VaultBoot: Next-Gen Firmware Security Solution

Background Firmware is a special type of software, mainly used for the control and communication of the underlying hardware.

VaultFuzzer: A state-based approach for Linux kernel

Background Since the beginning of computer software development, software quality has become an inevitable issue in the field of software testing.

VED (Vault Exploit Defense): A threat detection and prevention system

Background In the beginning of the hacker's era, a long-term battle for control of the “CORE” in memory has been waged since Aleph One published the paper Smashing The Stack For Fun And Profit on Phrack Issue 49 in 1996.

What every CISO and security engineer should know about Intel CSME

Background The majority of infosec community are trying to ignore the risks below the OS in past decades but it’s impossible to bury all of them at low cost today.

VaultHSM report: The way to confirm whether the Smart Card (J3H145) supports RFC-6979 ECDSA implementation

Background The original implementation of DSA-type signature algorithm (including ECDSA) needs a random number which belongs to the same mathematical object of the private key (an element of GF(p), in which p is a prime number).

Public crypto audit report: lurch/OMEMO

lurch/OMEMO Security Assessment Crypto is a neutral technology just like the natural existence (“For he makes his sun rise on the evil and on the good, and sends rain on the just and on the unjust.

Vault1317 protocol: a modern approach for metadata protection with deniability

vault1317/signal-dakez: An authenticated key exchange protocol with a public key concealing and a participation deniability designed for secure messaging Richard B.

Hello Vault* world!