2023-6-29 21:6:20 Author: research.nccgroup.com(查看原文) 阅读量:17 收藏
In Spring 2023, the Zcash Foundation engaged NCC Group to conduct a security assessment of the Zebrad application. Zebrad is a network client that participates in the Zcash consensus mechanism by validating blocks, maintaining the blockchain state (best chain and viable non-finalized chains), and gossiping blocks, transactions, and peer addresses. Five consultants performed the review, in a total of 60 person-days. The Zebra repository on branch `audit-v1.0.0-rc.0` was in scope, with the following modules highlighted as the main areas of focus: `zebra-chain`, `zebra-client`, `zebra-consensus`, `zebra-network`, `zebra-node-services`, `zebra-rpc`, `zebra-script`, `zebra-state`, `zebra-utils`.
Here are some related articles you may find interesting
Exploiting Noisy Oracles with Bayesian Inference
In cryptographic attacks, we often rely on abstracted information sources which we call “oracles”. Classic examples include the RSA parity oracle attack, which depends on an oracle disclosing the least-significant bit of a ciphertext’s decryption; Bleichenbacher’s attack on PKCS#1v1.5 RSA padding, which depends on an oracle for whether a given…
New Sources of Microsoft Office Metadata – Tool Release MetadataPlus
TL;DR – 31 usernames extracted vs 13 from the next leading brand! Introduction Open Source Intelligence Gathering (OSINT) can be an activity in itself and can also form a solid foundation for Full Spectrum Attack Simulations. Getting an idea of username formats as well as a number of known usernames…
Dynamic Linq Injection Remote Code Execution Vulnerability (CVE-2023-32571)
Product Details Name System.Linq.Dynamic.Core Affected versions 1.0.7.10 to 1.2.25 Fixed versions >= 1.3.0 URL https://www.dynamic-linq.net/ Vulnerability Summary CVE CVE-2023-32571 CWE CWE-184: Incomplete List of Disallowed Inputs CVSSv3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSSv3.1 base score 9.1 Overview What is Dynamic Linq? Dynamic Linq is an open source .NET library that allows developers to…
View articles by category
如有侵权请联系:admin#unsafe.sh