HP Security Research Blog
The HP Security Research blog provides a platform for security experts from across HP to discuss innovative research, industry observations, and updates on the threat landscape to help organizations proactively identify and manage risk.

Displaying articles for: October 2013

Trick or treat? Who’s afraid of mobile malware?

We thought today might be a good time to dig a little into the specter of mobile malware. Spooky stories abound, but is it really the tale of terror it's told to be?

Labels: Malware| mobile| security| ZDI

Verifying Windows Kernel Vulnerabilities

Outside of the Pwn2Own competitions, HP’s Zero Day Initiative (ZDI) does not require that researchers provide us with exploits. ZDI analysts evaluate each submitted case, and as part of that analysis we may choose to take the vulnerability to a full exploit.


In this post, we examine the steps involved in taking a 'write-what-where' vulnerability from a crash to full system compromise.

Labels: security

Mobile Pwn2Own: Targets await, Register today!

It’s not too late! Register today for HP’s Zero Day Initiative (ZDI) second annual Mobile Pwn2Own competition, to be held on November 13-14, 2013 at PacSec Applied Security Conference in Tokyo, Japan.

SEA attack on President’s social media tools

The Syrian Electronic Army continued their western targeted attacks this week by attacking President Barack Obama’s campaign media. Once again, by targeting a third-party and insiders’ email, they were able to modify shortened urls to redirect visitors to their own website, as well as a YouTube video.

HP Security Research Threat Intelligence Briefing - Episode 8

In this briefing we explore the tools used by attackers. We have focused in previous episodes on various actors and their methods. Here we take a look at the arsenal faced by their targets and provide an in-depth analysis of a discovered PHP-based web shell labeled with “1n73ction v.3.1 special edition by the hacker x’1n73t.” The web shell was discovered on a server that was subjected to a zero day (0day) attack against a Joomla 1.5.26 web site protected by RSFirewall resulting in a successful compromise and defacement.

Labels: threatbriefings

Confessions of a Zero Day Initiative Bug Hunter

A lot of people would argue that making a living out of solo, full-time bug hunting for the Zero Day Initiative is hard. It can be stressful at times, just like any other job, and if anything, it requires more dedication – a lot more. However, from my personal experience, it’s fun. 

Labels: security
Showing results for 
Search instead for 
Do you mean 
About the Author(s)
HP Blog

HP Software Solutions Blog


Follow Us
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.