HP Security Research Blog
The HP Security Research blog provides a platform for security experts from across HP to discuss innovative research, industry observations, and updates on the threat landscape to help organizations proactively identify and manage risk.

HP Security Briefing, Episode 21: Security topics in Big Data

Our latest HPSR Security Briefing looks at the security issues raised by the frameworks and algorithms that power Big Data. We discuss four modes of effective Big Data analysis and hazard guesses as to what lies ahead.

MyBatis - iBATIS deja vu? Perhaps not…

The latest rulepack from our Software Security Research (SSR) team comes with support for the MyBatis object relation mapping framework for Java. Static analysis being what it is, the team found some interesting support complications on the way to the release.

HP Security Briefing, Episode 20: The Internet of Things: A security overview

In the latest edition of the HP Security Briefing, we discuss the Internet of Things and how the advent of millions of connected devices affects network security from a practical standpoint.

Mobile Pwn2Own 2014: The day two recap

Two more competitors stepped up to the test bench on the second and final day of the annual contest in Tokyo.

Labels: mobile| pwn2own| security

Mobile Pwn2Own 2014: The day one recap

A record number of contestants set a fast pace for this year’s Tokyo competition – five teams, five targets, five wins.

Labels: mobile| pwn2own| security

Mobile Pwn2Own begins: Competitors and targets

The third Mobile Pwn2Own competition begins in Tokyo with the largest competitor lineup in its history. We have the full schedule -- and the list of devices and platforms that await their fate.

Labels: mobile| pwn2own| security

HP Security Research OSINT (OpenSource Intelligence) articles of interest--June 13, 2014

It's time for the June 13th list of HP Security Research OSINT articles of interest! This is a list of publicly available articles that we find relevant in today's security news.

Labels: security

HP Security Research OSINT (OpenSource Intelligence) articles of interest--June 6, 2014

It's the first Friday in June--and here are your HP Security Research OSINT articles of interest. This blog post provides links to current events related to the cyber security industry.

Labels: HP| security

HP Security Research OSINT (OpenSource Intelligence) articles of interest--May 30, 2014

It's time for the May 30th list of HP Security Research OSINT articles of interest! This is a list of publicly available articles that we find relevant in today's security news.

Labels: HP| security

HP Security Research OSINT (OpenSource Intelligence) articles of interest--May 23, 2014

It's the May 23rd edition of the HP Security Research OSINT News Feed—a list of publicly available articles that we find relevant in today’s security news.

Labels: HP| security

HP Security Research OSINT (OpenSource Intelligence) articles of interest--May 16, 2014

It's that time of the week! Welcome to the May 16th list of HP Security Research OSINT articles of interest.

Labels: HP| security

HP Security Research OSINT (OpenSource Intelligence) articles of interest--May 9, 2014

Welcome to the May 9th edition of the HP Security Research OSINT News Feed--a list of publicly available articles that we find relevant in today's security news!

Labels: HP| security

HP Security Research OSINT (OpenSource Intelligence) articles of interest--May 05, 2014

Welcome to the May 5th edition of the HP Security Research OSINT News Feed—a list of publicly available articles that we find interesting in today’s security news.

Labels: HP| security

HP Security Research OSINT (OpenSource Intelligence) articles of interest--April 28, 2014

It’s the April 28th edition of the HP Security Research OSINT News Feed—a list of publicly available articles that we find interesting in today’s security news.

Labels: HP| security

HP Security Research OSINT (OpenSource Intelligence) articles of interest--April 14, 2014

Welcome to the April 14th edition of the HP Security Research OSINT News Feed—a list of publicly available articles that we find interesting in today’s security news.

Labels: HP| security

HP Security Research OSINT (OpenSource Intelligence) articles of interest--April 4, 2014

It's time for the April 4th edition of the HP Security Research OSINT News Feed—a list of publicly available articles that we find interesting in today’s security news.

Labels: HP| security

HP Security Research OSINT (OpenSource Intelligence) articles of interest--March 28, 2014

Welcome to the March 28th edition of the HP Security Research OSINT News Feed—a list of publicly available articles that we find interesting in today’s security news.

Labels: HP| HPSR| security

Process Introspection with Python

Triggering vulnerabilities and design flaws found through static analysis and research is a difficult process, and it can get complicated when the vulnerability lies in a less-accessible part of the code. We’ve developed a Python-based technique for effective, fairly quick prototyping and testing of such vulnerabilities.    

HP Labs and HP TippingPoint collaborate to reveal previously undetected network attacks

HP Labs and HP TippingPoint announce a major enhancement to the RepDv service.

Labels: HP| security

HP Grants $250,000 to Scholarship for Women Studying IT Security

HP announced that it will grant $250,000 to the Scholarship for Women Studying Information Security (SWSIS) program, and will work closely with academic institutions worldwide to develop course content to help students learn the fundamentals of IT security.

Labels: HP| security

Security education for the new generation

The security challenges facing the industry are mounting while attracting and retaining security talent is growing more difficult. What can we do to educate the next generation of computer scientists about security?

 

Tags: NGFW| rsa| security

Handling Zero Day disclosures at RSA

Handling vulnerability disclosures shouldn’t be difficult—here’s how to make sure you’re doing it right.   

Labels: HP| security

Pwn2Own’s New Exploit Unicorn Prize: Additional Background for Civilians

This year at Pwn2Own, we’re hunting the Exploit Unicorn – not because we think there are a lot of researchers out there who can capture it, but because we think there aren’t. That said, an attacker able to win this prize (and $150,000 for their efforts) is able to break through Microsoft’s most powerful protections, including a tool built specifically to protect against sophisticated attacks.

Mobile Pwn2Own Tokyo 2013 – Crash bang boom

The results are in. Catch up with all the news from Mobile Pwn2Own in this handy summary of the contest.

Welcome to Mobile Pwn2Own at PacSec Tokyo - Super, happy fun

It's the big day! Join us for all the excitement of HP's ZDI Mobile Pwn2Own contest at PacSec in Tokyo. We'll be blogging throughout the day with news and the results of the contest.

Trick or treat? Who’s afraid of mobile malware?

We thought today might be a good time to dig a little into the specter of mobile malware. Spooky stories abound, but is it really the tale of terror it's told to be?

Labels: Malware| mobile| security| ZDI

Verifying Windows Kernel Vulnerabilities

Outside of the Pwn2Own competitions, HP’s Zero Day Initiative (ZDI) does not require that researchers provide us with exploits. ZDI analysts evaluate each submitted case, and as part of that analysis we may choose to take the vulnerability to a full exploit.

 

In this post, we examine the steps involved in taking a 'write-what-where' vulnerability from a crash to full system compromise.

Labels: security

Confessions of a Zero Day Initiative Bug Hunter

A lot of people would argue that making a living out of solo, full-time bug hunting for the Zero Day Initiative is hard. It can be stressful at times, just like any other job, and if anything, it requires more dedication – a lot more. However, from my personal experience, it’s fun. 

Labels: security
About the Author(s)
  • Head of OpSec Research
  • I joined HP in 2014 and am currently a Sr. Security Content Developer within HP Security Research. In this role, I write and edit security analysis and supporting content from researchers.
  • Kernelsmith is a senior vulnerability researcher with Hewlett-Packard Security Research (HPSR). In this role, he analyzes and performs root-cause analysis on hundreds of vulnerabilities submitted to the Zero-Day Initiative (ZDI) program. He also tries to automate whenever he can, pulling from the devops and virtualization arenas. Josh is also a developer for the Metasploit Framework and has spoken at a few conferences and holds a few certifications. Prior to joining HP, Smith served in the U.S. Air Force for 10 years and subsequently became a security engineer at the Johns Hopkins University Applied Physics Laboratory. Smith performed research into weapons systems vulnerabilities as well as evasion and obfuscation techniques to add depth and realism to security device tests. Smith received a B.S. in Aeronautical Engineering from Rensselaer Polytechnic Institute and an M.A. in Management of Information Systems from the University of Great Falls.
  • Security Researcher, Software Security Research
  • Security Researcher, Zero Day Initiative
  • Steve Povolny manages the Digital Vaccine team at HP TippingPoint. The team is composed of security researchers and filter/signature developers for the Intrusion Prevention System.
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.