company news
blog posts

Introducing Choronzon: an approach at knowledge-based evolutionary fuzzing

CENSUS researchers Nikolaos Naziridis and Zisis Sialveras have recently presented their research on knowledge-based evolutionary fuzzing, at ZeroNights 2015 in Moscow, Russia. The talk introduced a cross-platform evolutionary fuzzing framework, that will be released as a free and open-source tool.

 read more...

Introducing wifiphisher — BSides London 2015

Hello. My name is George Chatzisofroniou (@_sophron) and I work as a security engineer at CENSUS. My current interests include cryptography, WiFi hacking, web security and network security.

This summer I gave a talk at BSides London. The talk was called ‘Introducing wifiphisher, a tool for automated WiFi phishing attacks’ and revolved around my recently published tool.

Wifiphisher is a security tool that mounts phishing attacks against WiFi networks. I released it in early 2015 and since then it became quite popular with a lot of press coverage. Community-driven BSides London seemed to be the perfect choice for introducing the tool and clarifying its purpose.

 read more...

OR’LYEH? The Shadow over Firefox (INFILTRATE 2015)

About two months ago (April 15th 2015) I visited Miami and presented at the INFILTRATE Security Conference a talk on Firefox heap exploitation, titled “OR’LYEH? The Shadow over Firefox”. The organization of the conference was flawless and the people I met there were amazing. A special thank you to the Immunity team for being great hosts and for their helpful feedback.

 read more...

DTrace talk at CONFidence 2015

Hello, my name is Andrzej Dyjak and I’m part of the research team here at CENSUS.

A few weeks ago (on May 26th) I gave a talk titled “DTrace + OS X = Fun” at CONFidence 2015 in which I have described how DTrace can be used in order to ease various tasks within the realm of dynamic analysis on the OS X platform.

The slides from this talk are now also available here.

5th InfoCom Security Conference

CENSUS was one of the sponsors of the 5th InfoCom Security conference, that was held on April 1st, 2015 at the Divani Caravel hotel in Athens, Greece.

 read more...

IMWC15 — The Mobile Threatscape

The slides from my InfoCom Mobile World Conference 2015 talk entitled “The Mobile Threatscape” are now available here.

5th InfoCom Mobile World Conference

CENSUS will be sponsoring the 5th InfoCom Mobile World conference, that will be held on February 26th, 2015 at the Divani Caravel hotel in Athens, Greece.

 read more...

Project Heapbleed

I recently presented a talk on heap exploitation abstraction at two conferences, namely ZeroNights 2014 (Moscow, Russia) and BalCCon 2014 (Novi Sad, Serbia). The talk titled “Project Heapbleed”, collected the experience of exploiting allocators in various different target applications and platforms. The talk focused on practical, reusable heap attack primitives that aim to reduce the exploit development time and effort.

 read more...

PoS Attacking the traveling salesman — DEFCON 2014

CENSUS researchers Alex Zacharis and Nikos Tsagkarakis presented their Point-of-Sale exploitation work entitled “PoS Attacking the Traveling Salesman” at this year’s DEFCON conference in Las Vegas, USA.

The talk illustrated vulnerabilities of airport point-of-sale systems that could be used by adversaries to collect passenger data.

Material from this talk can be found here:

The presentation was a success and caught the attention of various technology blogs:

We would like to thank the organizers of DEFCON for hosting this great event and hope to meet everyone again next year!

IMAPPS14 — Secure Mobile App SDLC

Here are the slides for our recent (albeit short) talk on “Secure Mobile App SDLC”, as presented at the 4th Infocom Mobiles and Apps conference.

 read more...