recognize both excellence and incompetence in the field of information security
…your 2021 nominations!!! Thanks to our partners at Blackhat, the Awards will be broadcast live from the Blackhat main stage, August 4th 5:30pm PT! If you’re in town, come join us! For winners and prior winners who are in town, please contact us to join the afterparty.
Without further ado:
Video-based cryptanalysis: Extracting Cryptographic Keys from Video Footage of a Device’s Power LED
Practically exploitable cryptographic vulnerabilities in Matrix
MEGA: Malleable Encryption Goes Awry
LPE and RCE in RenderDoc, CVE-2023-33865 & CVE-2023-33864
UNCONTAINED: Uncovering Container Confusion in the Linux Kernel
Bypassing Cluster Operation in Databricks Platform
URB Excalibur: Slicing Through the Gordian Knot of VMware VM Escapes
Unveiling Vulnerabilities in Windows Network Load Balancing: Exploring the Weaknesses
Clement Lecigne: 0-days hunter world champion
Compromise of the whole PHP supply chain, twice
Branch History Injection (BHI / Spectre-BHB)
Three Lessons From Threema: Analysis of a Secure Messenger
Authentication Bypass in Mura CMS
Pinduoduo publishes spyware, denies it
“Holy fucking bingle, we have the no fly list,”
“I Was Sentenced to 18 Months in Prison for Hacking Back”
The disreputable … Jonathan Scott
Single Instruction Multiple Data Leaks in Cutting-edge CPUs, AKA Downfall
Inside Apple’s Lightning: Jtagging the iPhone for Fuzzing and Profit
Perils and Mitigation of Security Risks of Cooperation in Mobile-as-a-Gateway IoT