The C++ language combines a massive potential for raw power with the massive risk of type and memory safety violations. The developer is inherently responsible for securing all executed code and to guarantee type safety and memory safety. We are particularly focused on type safety. In C++, developers can cast …
read moreOther articles
Dumpling: dumping fine-grained execution state
JavaScript engines face a dilemma: on one end, they need to be extremely efficient as they are processing millions of lines of JavaScript code, dynamically translating complex programs into efficient code. On the other end, the code may be controlled by an attacker that is trying to exploit bugs in …
read moreQMSan: discovering uninitialized memory errors in binaries
Sanitizers serve as the primary bug detection Oracle during automated testing. They "crash" the program gracefully and tell the fuzzer when and where a bug was triggered. The most well-known sanitizer is ASan or AddressSanitizer which adds redzones around memory objects to detect whenever an access is out-of-bounds. MSan or …
read moreTruman: discovering hypervisor bugs through virtual device models
Hypervisors power not just the cloud but are becoming a commodity in mobile phones and desktops as well. They separate virtual machines from each other, enabling strong isolation and security guarantees. In cloud environments, hypervisors separate non-trusting virtual machines and an attacker may try to compromise and gain access to …
read moreAuto-tagging SPAM emails
Are you tired of publishing SPAM? Join me on a journey to set up simple blocklists to auto-filter based on origin and sender for Postfix mail servers.
If you're in academia, you likely know publishing SPAM. For those that are not (or missed out on the pleasure so far), publishing …
read more38c3: Hutzelwutze in Hamburg
Another year, another CCC. It's been a long road from Berlin to Leipzig and Hamburg. Each year, I repeat the ritual of going to the "Kongress", the most amazing hacker get together in the world. The Kongress is special, hackers of all denominations meet, engage, hack, and enjoy a few …
read moreFrom Fuzzing to Frameworks: 2024 Research Highlights
2024 was an active year for the HexHive research group, marked by tireless efforts to enhance the security of various complex systems. A key trend throughout the year was the continued evolution of fuzzing research. Notably, we observed a gradual shift away from general-purpose fuzzing as a primary research focus …
read moreRIP Niklaus Wirth
Niklaus Wirth, known for his work on programming languages and systems, died on January 1st, 2024 (ETH Zurich). Wirth was known for his work on programming languages and systems with a keen focus on simplicity and functionality for which he was awarded the 1984 Turing Award. His most well-known language …
read more37c3: Chaos returning to Hamburg
After a three-year hiatus due to the pandemic, the Chaos Communication Congress is finally back at an onsite venue. For those that don't know, the congress is the biggest hacker Conference in Europe. It is known not just for deep technical talks and amazing hacks but also for political talks …
read more
Page 1 / 9 »