Blog

Work conducted by Ibrahima Keita. Target Introduction: The Renesas RH850. Continuing our 7-part series on attacking the Renesas RH850. Renesas RH850: The Renesas RH850 is a 32-bit RISC CPU by Renesas Electronics. It is a refresh of the NEC V850, and has been developed by Renesas as of 2018. It is commonly utilized in the…
This blog series was produced by Ibrahima Keita and covers his summer internship project at CC-SW. The project goals were to explore and reproduce the public work on glitching and fault injection attacks. We wanted to share the tools and processes and the results of his research. He has since graduated from UMass Amherst and…
In the previous blog post, I started sharing tips and techniques for Semgrep rules. I continue that here in the final installment of my six-part blog series, sharing some of the most helpful techniques I learned to decrease false positives in my Semgrep rules. Most often, whenever we run a Semgrep scan, we need…
In this fifth post of my six-part blog series, I will be starting to share techniques and tips that I found helpful for writing Semgrep rules for finding vulnerabilities. The previous post discussed the organization of queries and connecting data flows. The motivation is that while CodeQL excels in analyzing codebases with source code…
In this fourth post of my six-part blog series, I look to share some of the most helpful techniques I learned while writing CodeQL queries as a security engineer. In the last blog post, I provided tips on how to improve the generalizability of the queries by adding custom function identification classes, and how…