Vulnerability Discovery
Blog Posts
Using Alternate Data Streams in the Collection and Exfiltration of Data
In this blog post, we describe how attackers obscure their activity via alternate data streams (ADSs) and how to defend against malware attacks that employ ADSs.
• By Dustin D. Updyke, Molly Jaconski
In Cybersecurity Engineering
Six Dimensions of Trust in Autonomous Systems
This post chronicles the adoption and growth of autonomous systems and provides six considerations for establishing trust.
• By Paul Nielsen
In Software Engineering Research and Development
How Easy Is It to Make and Detect a Deepfake?
The technology underlying the creation and detection of deepfakes and assessment of current and future threat levels
• By Catherine Bernaciak, Dominic A. Ross
In Artificial Intelligence Engineering
Security Automation Begins at the Source Code
Hi, this is Vijay Sarvepalli, Information Security Architect in the CERT Division. On what seemed like a normal day at our vulnerability coordination center, one of my colleagues asked me....
• By Vijay S. Sarvepalli
In CERT/CC Vulnerabilities
VPN - A Gateway for Vulnerabilities
Virtual Private Networks (VPNs) are the backbone of today's businesses providing a wide range of entities from remote employees to business partners and...
• By Vijay S. Sarvepalli
In CERT/CC Vulnerabilities
Update on the CERT Guide to Coordinated Vulnerability Disclosure
It's been two years since we originally published the CERT Guide to Coordinated Vulnerability Disclosure. In that time, it's influenced both the US Congress and EU Parliament....
• By Allen D. Householder
In CERT/CC Vulnerabilities
The Dangers of VHD and VHDX Files
Recently, I gave a presentation at BSidesPGH 2019 called Death By Thumb Drive: File System Fuzzing with CERT BFF....
• By Will Dormann
In CERT/CC Vulnerabilities
Announcing CERT Tapioca 2.0 for Network Traffic Analysis
A few years ago, I announced the release of CERT Tapioca for MITM Analysis. This virtual machine was created for the purpose of analyzing Android applications to find apps....
• By Will Dormann
In CERT/CC Vulnerabilities
Automatically Stealing Password Hashes with Microsoft Outlook and OLE
Back in 2016, a coworker of mine was using CERT BFF, and he asked how he could turn a seemingly exploitable crash in Microsoft Office into a proof-of-concept exploit that …
• By Will Dormann
In CERT/CC Vulnerabilities
The Curious Case of the Bouncy Castle BKS Passwords
While investigating BKS files, the path I went down led me to an interesting discovery: BKS-V1 files will accept any number of passwords to reveal information....