Archive for the ‘Blog’ Category

Work conducted by Ibrahima Keita. Introduction to Sidechannel Attacks & Fault Injection Continuing our 7-part series on attacking the Renesas RH850. Background In the previous blog post, we gave a brief overview of our target, the Renesas RH850, and the various security features. In this blog post, we will go over two techniques we can… » Read More

Work conducted by Ibrahima Keita. Target Introduction: The Renesas RH850 Continuing our 7-part series on attacking the Renesas RH850. Renesas RH850 The Renesas RH850 is a 32-bit RISC CPU by Renesas Electronics. It is a refresh of the NEC V850, and has been developed by Renesas as of 2018. It is commonly utilized in the… » Read More

This blog series was produced by Ibrahima Keita and covers his summer internship project at CC-SW. The project goals were to explore and reproduce the public work on glitching and fault injection attacks. We wanted to share the tools and processes and the results of his research. He has since graduated from UMass Amherst and… » Read More

In the previous blog post, I started sharing tips and techniques for Semgrep rules. I continue that here in the final installment of my six part blog series, sharing some of the most helpful techniques I learned to decrease false positives in my Semgrep rules. Most often, whenever we run a Semgrep scan, we need… » Read More

In this fifth post of my six part blog series, I will be starting to share techniques and tips that I found helpful for writing Semgrep rules for finding vulnerabilities. The previous post discussed the organization of queries and connecting data flows. The motivation is that while CodeQL excels in analyzing codebases with source code… » Read More