RESOURCES

Thought leaders in information security, we conduct radical, world-changing research and deliver renowned presentations around the world.
Research | INSIGHTS, RESEARCH | January 22, 2022

How we hacked your billion-dollar company for forty-two bucks

subvert (v) : 3. To cause to serve a purpose other than the original or established one; commandeer or redirect: – freedictionary.com Why did one straw break the camel’s back?Here’s the secretThe million other straws underneath it– Mos Def, Mathematics The basic idea of this blog post is that most organizations’ Internet perimeters are permeable. Weaknesses in outward-facing services are rarely independent of one another, and leveraging several together can often result in some sort of user-level access to internal systems. A lot of traffic goes in and out of…

Jamie Riden
Research | INSIGHTS, RESEARCH | December 6, 2021

Cracking the Snapcode

A Brief Introduction to Barcodes Barcodes are used everywhere: trains, planes, passports, post offices… you name it. And just as numerous as their applications are the systems themselves. Everybody’s seen a UPC barcode like this one: [1] But what about one like this on a package from UPS?  [2] This is a MaxiCode matrix, and though it looks quite different from the UPC barcode, it turns out that these systems use many common techniques for storing and reading data. Both consist of…

Daniel Moder
Blogs | EDITORIAL | August 3, 2021

Counterproliferation: Doing Our Part

IOActive’s mission is to make the world a safer and more secure place. In the past, we’ve worked to innovate in the responsible disclosure process.

John Sheehy
Research | INSIGHTS, RESEARCH | July 30, 2021

Breaking Protocol (Buffers): Reverse Engineering gRPC Binaries

The Basics gRPC is an open-source RPC framework from Google which leverages automatic code generation to allow easy integration to a number of languages. Architecturally, it follows the standard seen in many other RPC frameworks: services are defined which determine the available RPCs. It uses HTTP version 2 as its transport, and supports plain HTTP as well as HTTPS for secure communication. Services and messages, which act as the structures passed to and returned by defined RPCs, are defined as protocol buffers. Protocol buffers are a common serialization solution, also…

Ethan Shackelford
Library | WHITEPAPER | May 17, 2021

Cross-Platform Feature Comparison

For an Intel-commissioned study, IOActive compared security-related technologies from both the 11th Gen Intel Core vPro mobile processors and the AMD Ryzen PRO 4000 series mobile processors, as well as highlights from current academic research where applicable. Our comparison was based on a set of objectives bundled into five categories: Below the OS, Platform Update, Trusted Execution, Advanced Threat Protection, and Crypto Extension. Based on IOActive research, we conclude that AMD offers no corresponding technologies those categories while Intel offers features; Intel and AMD have equivalent capabilities in the Trusted…

Launch PDF
IOActive Research