Resources

Here you'll be able to find all our presentations, white papers, and other publications.

Russia’s Open-Source Code and Private-Sector Cybersecurity Ecosystem
Oct 28, 2022

Russia’s Open-Source Code and Private-Sector Cybersecurity Ecosystem

When analyzing Moscow’s cyber power, much of the policy community and international media focus on the Russian government’s internal cyber units and several criminal entities identified in the press. This overlooks a vast part of the Russian cyber ecosystem—including open-source code projects to which Russian developers contribute

Pulling Mikrotik Into the Limelight
Jun 8, 2022

Pulling Mikrotik Into the Limelight

Pulling MikroTik into the Limelight presentation deck as presented at RECon Montreal 2022 by Ian Dupont and Harrison Green. In the wide expanse of router manufacturers and models, there is one reverse engineering target that stands out from the rest: MikroTik. Unlike many routers which run a patchwork of services

Who Owns Your Kernel?
Apr 5, 2022

Who Owns Your Kernel?

Presented at Summercon 2021, we discuss the open source supply chains, information operations targeting them, and how to identify these attacks (with some crazy examples of course). This project, to explore and protect the integrity of open source code, was funded via DARPA's SocialCyber program.

In Search of Lost Bytes: Hardware Implants and the Trouble With Supply Chains
Dec 1, 2020

In Search of Lost Bytes: Hardware Implants and the Trouble With Supply Chains

Digital markets have quickly grown to international proportions, complexities in materials, development, and distribution have developed accordingly, resulting in market efficiency and, often overlooked, incalculable risks. There is a fine line between acceptable and irreconcilable risk, while some risks are mitigatable, others are not, and ignoring the facts has disproportionate

Firmly Rooted in Hardware
Apr 30, 2020

Firmly Rooted in Hardware

Practical protection from firmware attacks in hardware supply chain. This talk reviews the practical risk from supply chain attacks, with a focus on those that may impact firmware integrity, either through hardware implants or other threats to firmware during manufacturing, provisioning, or deployment. Fresh styles and latest trends in hardware

Huawei and the Third Offset
Apr 6, 2020

Huawei and the Third Offset

In order to effectively mitigate the security risks posed by Huawei, the U.S. Department of Defense needs to fund and integrate cutting-edge technologies from the private sector. Although concern over Huawei’s implications for national security remains high, current U.S. strategies against Huawei have largely been framed as

In Search of Lost Bytes: Assurance Under Low Trust Conditions
Nov 8, 2019

In Search of Lost Bytes: Assurance Under Low Trust Conditions

Digital markets have quickly grown to international proportions, complexities in materials, development, and distribution have developed accordingly, resulting in market efficiency. When expanding any supply chain for an IoT voting machine to an entire national infrastructure, cost, reliability, and security of the alien component is taken into account. However, often

The Secret Life of Supply Chains
Nov 8, 2019

The Secret Life of Supply Chains

A presentation by Sophia d'Antoine at the 2019 COUNTERMEASURE IT Security Conference in Ottawa, Canada. Last year, Bloomberg’s Big Hack article gave everyone a much needed scare which forced companies to evaluate their exposure to supply chain intervention attacks. But a wider acknowledgment of the problem doesn’t make

The Risks of Huawei Risk Mitigation
Apr 24, 2019

The Risks of Huawei Risk Mitigation

While there is widespread agreement that Huawei devices in 5G infrastructure pose risk to the U.S. and allied nations, the policy community has paid insufficient attention to the technical aspects. This article attempts to rectify this gap.

Hacking the Motherboard: Exploiting Implicit Trust in All of the Forgotten Places
Apr 23, 2019

Hacking the Motherboard: Exploiting Implicit Trust in All of the Forgotten Places

Our economy is becoming more specialized and more and more tasks are being automated. We must have confidence in these systems. However, this confidence relies on too much implicit trust – overlooking serious risks. Assurance in this area is hard won, manual, and costly.

Out-Of-Order Execution as a Cross-VM Side-Channel and Other Applications
Jan 1, 2019

Out-Of-Order Execution as a Cross-VM Side-Channel and Other Applications

In this paper, we introduce a novel side-channel using a popular optimization: out-of-order execution.

arrow-up icon