RESEARCH & ADVISORIES

OUR EXPERTS SHARING ABOUT IOT/ OT SECURITY & COMPLIANCE

Spotting Silent Patches in OSS with Binary Static Analysis

Discover how our latest binary static analysis tool is unearthing silently patched vulnerabilities in open-source software, revealing risks that could leave your systems exposed. This blog post delves into examples from widely used libraries, underscoring the need for a more thorough approach to vulnerability management beyond traditional CVE databases.

Read More »
ONEKEY Security Advisory Cisco Blog Overview Banner

Security Advisory: Remote Command Execution in Cisco Access Point WAP Products

This security advisory discloses critical vulnerabilities in Cisco’s Small Business Wireless APs and describes remote command execution vulnerabilities in all firmware versions that could be uncovered through the use of ONEKEY’s recently released binary zero-day identification feature. Although there are no patches due to the end-of-life status of the devices, it is recommended to restrict access to the administration interface.

Read More »
Binary Static Analysis – The Final Frontier ONEKEY Blogoverview Banner

Binary Static Analysis – The Final Frontier

Discover how the new feature for identifying zero-days in binaries files light on previously unexplored security risks in executable binaries. Learn more about our approach to decompilation, static code analysis and noise reduction to create a more secure digital environment. Learn more about the intricacies of our journey to improved cybersecurity.

Read More »
UNBLOB - Blog Overview banner highlighting features: FileSystem Sandboxing, Nice UI, and Pattern Identification, with a modern digital blue background

Latest Developments in Unblob (3)

Discover the latest UNBLOB developments, new features, and key changes in our blog post. Stay updated with our presentations at Blackhat Asia and BlackHat EU, the growing popularity of our GitHub repository, and major UNBLOB updates, including the FileSystem API, improved logging, and pattern auto-identification.

Read More »
ONEKEY Security Insight MAKING TOCTOU GREAT AGAIN – X(R)IP Blog Overview Banner

Making TOCTOU Great again – X(R)IP

Explore the nuances of TOCTOU vulnerabilities in embedded systems with XiP (eXecute in Place). Learn how these vulnerabilities can be exploited at the hardware level to bypass secure boot processes.

Read More »
UNBLOB Project Update Blog Overview-Banner

Latest Developments in Unblob (2)

In the ever-evolving world of firmware extraction, unblob continues to make waves. With five months of intense activity, our project has grown exponentially, and we have some exciting updates to share!

Read More »