Introduction The open Eclipse KUKSA project aims to provide building blocks for the Software Defined Vehicles that can be shared across the industry. The Eclipse KUKSA project is composed of diverse solution pieces where the KUKSA Vehicle Abstraction Layer named KUKSA.val is the main deliverable of the project. It provides in-vehicle software components...

Introduction Allbridge Core enables users to transfer dollar-pegged tokens ("stablecoins") between different blockchains. As of today, their smart contracts manage over $38 million locked across the chains they support. To transfer funds across different blockchains, there needs to be a liquidity pool (i.e. locked stablecoins) on both ends of the...

Introduction Renesas RH850 architecture is quite common in automotive ECUs and we often need during our assignments to analyze firmwares designed to run on this specific architecture. Reverse-engineering such firmware is one thing, being able to emulate some parts or the entirety of it is another that could be valuable to perform code coverage...

As auditors, we sometimes struggle when trying to explain to our customers that it is always better to reach the maximum level of security, instead of the minimal required effort. It does not always help that we cryptographers are known to speak in the language of Mordor (we just call it mathematics) and live deep in a zero-knowledge cave. Introduction...

USB (Universal Serial Bus) is the current standard for connecting peripherals to devices. USB is used to connect keyboards, mouses, printers, music instruments, storage, cameras and pretty much everything to a device. This makes it the perfect target for security researchers with physical access to a USB port. While exchanging with USB peripherals...

Introduction In 2017, Troy Hunt introduced in a blog post a service to allow people to check if a password is known to be already present among the 306 million of leaked passwords from various breaches.1 Of course, it was not recommended to submit your real password or even a hash of it. The following year, Junade Ali from Cloudflare proposed a very...