CoreLabs Information Security Projects

Below is an index of projects that members of the CoreLabs team have pursued. Click on any title to access more information about the project.

Title Excerptsort ascending
ND2DB Attack

Within this project we research a new attack technique that allows...

Non-Euclidean Ring Data Scrambler (NERDS) public-key encryption

With the advent of PDAs and other constrained computing environments come...

SQL Agent

We introduce the SQL Agent technique and implementation, an efficient...

Zombie 2.0: A web-application attack model

We analyzed the problems underlying the attack and penetration in the web...

BIOS rootkits

Traditionally rootkit research has focused on accomplishing...

Attack Planning

Today penetration testing is a highly manual practice, which requires an...

CORE TRUSS and Secure Triggers

This project relates to a software protection framework that we designed....

XSS Agent

This project is about analyzing the problems underlying exploitation and...

Exomind

The proliferation of social network services has produced an extensive...

Using neural networks for OS fingerprinting

The problem of remote Operating System (OS) Detection, also called OS...

Bugweek

The Bugweek is a research activity wherein the security professionals in...

Attacker-centric Risk Assessment Metrics

Risk assessment can be used to measure the security posture of an...

Public-Key Cryptography Based on Polynomial Equations

One of the challenges public-key cryptography faces is the absence of...

Gfuzz

Gfuzz is a web application fuzzing environment which combines fine-grained...

CORETEX

Coretex is a series of programming competitions organized by Core in...

Core Wisdom

CORE WISDOM is a suite of tools designed for the secure auditing of...

CORE GRASP

CORE GRASP is a web application protection software technique designed by ...

CORE FORCE

CORE FORCE® is a free comprehensive endpoint security solution for Windows...

Attack Simulation

Computer systems and networks are exposed to attacks on a daily basis. IT...

Protocol design flaws

Aside from the traditional vulnerability analysis in which we explore known...

MD5 collisions

After Dr. Wang presented the MD5 collisions at Crypto '05, Gera's...

Core CloudInspect

We are concerned with using the elasticity of public clouds to...

Teaching Penetration Testing

We are devising lessons and tools for using in a...

A Penetration Testing Research Framework

Penetration testing remains a required practice for...

Attack Payloads

Crypto and standard attack techniques can be...