Критика нашумевшей статьи о новом алгоритме факторизации, который (цитата): "...destroys the RSA cryptosystem": https://crypto.stackexchange.com/questions/88582/does-schnorrs-2021-factoring-method-show-that-the-rsa-cryptosystem-is-not-secur

TL/DR: сенсации в этот раз не случилось, увы.

Quantum Collision Attacks on Reduced SHA-256 and SHA-512

"In this paper, we for the first time show dedicated quantum collision attacks on SHA-256 and SHA-512. The attacks reach 38 and 39 steps, respectively, which significantly improve the classical attacks for 31 and 27 steps. Both attacks adopt the framework of the previous work that converts many semi-free-start collisions into a 2-block collision, and are faster than the generic attack in the cost metric of time-space tradeoff. We observe that the number of required semi-free-start collisions can be reduced in the quantum setting, which allows us to convert the previous classical 38 and 39 step semi-free-start collisions into a collision. The idea behind our attacks is simple and will also be applicable to other cryptographic hash functions."

https://eprint.iacr.org/2021/292

The Eye of Horus: Spotting and Analyzing Attacks on Ethereum Smart Contracts

"In recent years, Ethereum gained tremendously in popularity, growing from a daily transaction average of 10K in January 2016 to an average of 500K in January 2020. Similarly, smart contracts began to carry more value, making them appealing targets for attackers. As a result, they started to become victims of attacks, costing millions of dollars. In response to these attacks, both academia and industry proposed a plethora of tools to scan smart contracts for vulnerabilities before deploying them on the blockchain. However, most of these tools solely focus on detecting vulnerabilities and not attacks, let alone quantifying or tracing the number of stolen assets. In this paper, we present Horus, a framework that empowers the automated detection and investigation of smart contract attacks based on logic-driven and graph-driven analysis of transactions. Horus provides quick means to quantify and trace the flow of stolen assets across the Ethereum blockchain. We perform a large-scale analysis of all the smart contracts deployed on Ethereum until May 2020. We identified 1,888 attacked smart contracts and 8,095 adversarial transactions in the wild. Our investigation shows that the number of attacks did not necessarily decrease over the past few years, but for some vulnerabilities remained constant. Finally, we also demonstrate the practicality of our framework via an in-depth analysis on the recent Uniswap and Lendf.me attacks."

https://eprint.iacr.org/2021/284

ghidra_nodejs

GHIDRA plugin to parse, disassemble and decompile NodeJS Bytenode (JSC) binaries.

https://github.com/PositiveTechnologies/ghidra_nodejs

Lord of the Ring(s): Side Channel Attacks on the
CPU On-Chip Ring Interconnect Are Practical

We introduce the first microarchitectural side channel attacks that leverage contention on the CPU ring interconnect.

https://arxiv.org/pdf/2103.03443.pdf
https://github.com/FPSG-UIUC/lotr

Торговля лицом FTW https://habr.com/ru/company/ruvds/blog/546026/

Deep Learning for Symbolic Mathematics

Neural networks have a reputation for being better at solving statistical or approximate problems than at performing calculations or working with symbolic data. In this paper, we show that they can be surprisingly good at more elaborated tasks
in mathematics, such as symbolic integration and solving differential equations. We propose a syntax for representing mathematical problems, and methods for generating large datasets that can be used to train sequence-to-sequence models. We achieve results that outperform commercial Computer Algebra Systems such as Matlab or Mathematica.

https://arxiv.org/pdf/1912.01412.pdf

A Spectre proof-of-concept for a Spectre-proof web

In this post, we will share the results of Google Security Team's research on the exploitability of Spectre against web users, and present a fast, versatile proof-of-concept (PoC) written in JavaScript which can leak information from the browser's memory. We've confirmed that this proof-of-concept, or its variants, function across a variety of operating systems, processor architectures, and hardware generations.

https://security.googleblog.com/2021/03/a-spectre-proof-of-concept-for-spectre.html

GitHub удалил эксплоит для ProxyLogon и подвергся критике

https://xakep.ru/2021/03/12/proxylogon-poc-deleted/

leaky.page

This site hosts a proof of concept for the Spectre vulnerability written in JavaScript. It was developed and optimized for Chrome 88 running on an Intel® Core™ i7-6500U processor on Linux.

https://leaky.page/

CORS misconfiguration vulnerable Lab

This Repository contains CORS misconfiguration related vulnerable codes. One can configure the Vulnerable code on local machine to perform practical exploitation of CORS related misconfiguration issues.

https://github.com/incredibleindishell/CORS_vulnerable_Lab-Without_Database

Regexploit: DoS-able Regular Expressions

When thinking of Denial of Service (DoS), we often focus on Distributed Denial of Service (DDoS) where millions of zombie machines overload a service by launching a tsunami of data. However, by abusing the algorithms a web application uses, an attacker can bring a server to its knees with as little as a single request. Doing that requires finding algorithms which have terrible performance under certain conditions, and then triggering those conditions. One widespread and frequently vulnerable area is in the misuse of regular expressions (regexes).

https://blog.doyensec.com/2021/03/11/regexploit.html

Если вдруг кому-то потребуется обосновать опасность использования SMS в качестве второго фактора аутентификации: https://queue.acm.org/detail.cfm?id=3425909

Вакансия от Positive Technologies

Positive Technologies, отдел исследований по анализу защищённости приложений, старший разработчик.

География: удаленная работа, предпочтительно СПб

Основными задачами отдела является разработка алгоритмов анализа и защиты приложений, прототипирование и внедрение перспективных технологий в продукты компании.

Позиция подразумевает участие в проектах по исследованию технологий анализа защищённости и защиты приложений, разработку прототипов решений, развитие существующих проектов отдела (универсальный абстрактный интерпретатор, анализатор JavaScript-кода, LibProtection).

Требования к кандидату:

Опыт разработки приложений под .NET (C#);
принципы ООП и проектирования ПО;
методы рефакторинга;
основные алгоритмы и структуры данных.

Будет плюсом:

Понимание принципов работы компиляторов, методов решения задач по анализу кода;
знания в области безопасности веб-приложений;
теоретический бэкграунд (теории вычислений, графов, множеств).

vkochetkov@ptsecurity.com

‼️ Как вы уже возможно знаете, PHDays в этом году пройдёт в гибридном формате (ламповый оффлайн + массовый онлайн) 20-21 мая в отеле Хаятт Ридженси Москва Петровский Парк: https://www.phdays.com/ru/press/news/positive-hack-days-10-nachalo-costoitsya-20-21-maya-2021-goda/ Количество билетов в свободной продаже в этом году крайне ограничено и одним из альтернативных способов получить возможность участия в оффлайн активностях форума является выступление с докладом или мастер-классом.

В рамках форума планируется в том числе проведение очередного митапа PDUG в традиционном формате трека выступлений. Программа трека ещё формируется и, если вы хотите принять в нём участие, сейчас самое время отправить заявку на CFP: https://www.phdays.com/ru/press/news/positive-hack-days-otkryvaet-call-for-papers-stante-dokladchikom/ (тематика трека: "Secure development").

CFP продлится, как минимум, до 28 марта. Если вы не успеваете определиться с конкретной темой до этой даты, или хотите выступить в формате, не предусмотренном CFP, то пишите на vkochetkov@ptsecurity.com, что-нибудь обязательно придумаем :)

Детальный разбор уязвимостей, недавно обнаруженных в ядре Linux

https://habr.com/ru/company/skillfactory/blog/548366/