Embedded Device Security Research: AXON Body 2 – Body Worn Cameras

By |2021-01-18T21:48:15-05:00January 15th, 2021|

Introduction Netragard performs regular vulnerability research against software and hardware. While most of this research is customer confidential, some of the research is intended for disclosure. The focus of our research for this article was the AXON Body 2 Worn Camera which plays a critical [...]

Inside the 2020 Ping of Death Vulnerability

By |2020-10-14T21:05:39-04:00October 14th, 2020|

What is the 2020 Ping of Death? Ping of Death vulnerabilities are nothing new. These vulnerabilities arise from issues in memory allocation in the TCP/IP stack. If memory is improperly allocated and managed, a buffer overflow vulnerability can be created that leaves the application vulnerable [...]

Hacking casinos with zeroday exploits

By |2020-04-07T12:22:22-04:00November 29th, 2016|

Most popular email programs like Microsoft Outlook, Apple Mail, Thunderbird, etc. have a convenient feature that enables them to remember the email addresses of people that have been emailed.  Without this feature people would need to recall email addresses from memory or copy and paste from [...]

Exploit Acquisition Program Shut Down

By |2020-03-31T10:25:36-04:00July 17th, 2015|

We've decided to terminate our Exploit Acquisition Program (again).   Our motivation for termination revolves around ethics, politics, and our primary business focus.  The HackingTeam breach proved that we could not sufficiently vet the ethics and intentions of new buyers. HackingTeam unbeknownst to us until after their [...]

The Truth About Breaching Retail Networks

By |2020-03-31T10:26:03-04:00September 11th, 2014|

How we breached a retail network using our manual penetration testing methodology We recently delivered an Advanced Persistent Threat  (APT) Penetration Test to one of our customers. People who know us know that when we say APT we’re not just using buzz words.  Our APT services [...]

Whistleblower Series – The real problem with China isn’t China, its you.

By |2020-03-31T10:27:14-04:00June 10th, 2013|

Terms like China, APT and Zero-Day are synonymous with Fear, Uncertainty and Doubt (FUD).  The trouble is that, in our opinion anyway, these terms and respective news articles detract from the actual problem.  For example, in 2011 only 0.12% of compromises were attributed to zero-day exploitation [...]

Comments Off on Whistleblower Series – The real problem with China isn’t China, its you.

Selling zero-day’s doesn’t increase your risk, here’s why.

By |2020-03-31T10:28:00-04:00August 13th, 2012|

The zero-day exploit market is secretive. People as a whole tend to fear what they don’t understand and substitute fact with speculation.  While very few facts about the zero-day exploit market are publicly available, there are many facts about zero-days that are available.  When those facts [...]

Comments Off on Selling zero-day’s doesn’t increase your risk, here’s why.