This is not a hot dog: an intuitive view on attacking machine learning models

In a previous post we introduced the field of adversarial machine learning and what it could mean for bringing AI systems into the real world. Now, we'll dig a little deeper into the concept of adversarial examples and how they work.For the purpose of illustrating adversarial examples, we’ll talk about them in the context of … Continue reading This is not a hot dog: an intuitive view on attacking machine learning models

Users ignore your security awareness program? Ditch it!

Yes, getting staff attention for security awareness is hard. It's not that users don’t care. But everybody is fighting for their attention. And after all, the company is investing big money on security measures, so they're probably safe anyhow. Way too often, for each handful of truly enthusiastic users I find, there's also a large community … Continue reading Users ignore your security awareness program? Ditch it!

Apples or avocados? An introduction to adversarial machine learning

A common principle in cybersecurity is to never trust external inputs. It’s the cornerstone of most hacking techniques, as carelessly handled external inputs always introduce the possibility of exploitation. This is equally true for APIs, mobile applications and web applications.

It’s also true for deep neural networks.

Sunsetting NVISO ApkScan

Today, we are announcing the retirement of NVISO ApkScan, our online malware scanning service we launched back in 2013. ApkScan was born with the purpose of offering the (security) community a free, reliable and quality service to statically and dynamically scan Android applications for malware. Since the inception of the project, it has been a … Continue reading Sunsetting NVISO ApkScan

Azure Security Logging – part 3: security-logging capabilities of Azure virtual machines

In this third blog post in a series about Azure Security Logging, we will focus on collecting security logs from Windows and Linux virtual machines. In part 1 we discussed how to define a security logging strategy in Azure. Part 2 went into detail about logging in some of the key Azure services. In this … Continue reading Azure Security Logging – part 3: security-logging capabilities of Azure virtual machines

Using Burp’s session Handling Rules to insert authorization cookies into Intruder, Repeater and even sqlmap

The problem.... Recently, NVISO was tasked to do a penetration test on a web application that had very short authenticated sessions and that implemented anti CSRF tokens. This presented a unique challenge, as most of our automated tools and techniques had no reliable way of working as the base requests that were being used as … Continue reading Using Burp’s session Handling Rules to insert authorization cookies into Intruder, Repeater and even sqlmap

Will they melt? Testing the resistance of flash memory chips

Firmware: the holy grail of most Internet of Things (IoT) security assessments! Sometimes, getting access to a device's firmware can be as easy as visiting the vendor's website. Other times, the only option is to dump it directly from the hardware, and this is where things get interesting. Some procedures used for dumping can expose … Continue reading Will they melt? Testing the resistance of flash memory chips