The latest in Red Balloon Security’s innovations and industry insights.
Red Balloon Security attended DEF CON 31 in Las Vegas, Nevada where we contributed two challenges to the Car Hacking Village Capture the Flag (CTF) competition.
The latest version of OFRAK 3.1.0 on PyPI includes a range of new and experimental features. Click here t our full breakdown and demo clip.
Transform Cisco output strings into engaging visuals with ChatGPT and OFRAK. Elevate your network troubleshooting skills – learn how in our latest blog.
One of the neat features we’ve had in mind for the OFRAK GUI, almost since it came out, is to be able to show you a Python script version of your actions in the GUI.
This is helpful for a few reasons: remembering what you did, learning the Python API, generalizing your work in the GUI to a reusable script or component, and probably more.
Well, now this feature is here!
OFRAKโs FunctionReplacementModifier provides an easy-to-use API that leverages the PatchMaker to replace one or more functions in a binary. This post will walk through how this works.
We published OFRAK 2.2.1 to PyPI on March 8, 2023. As always, a detailed list of changes can be viewed in the OFRAK Changelog.
Recently, we improved the OFRAK Python package and dependency handling, resulting in the quicker installation of more functionality.
Recently, we improved the OFRAK Python package and dependency handling, resulting in the quicker installation of more functionality.
A birdโs eye view of firmware binaries can helps an engineer situate themselves and accelerates analysis with OFRAK’s Minimap view.
It is now possible to unpack, modify, and repack a raw flash dump while utilizing all of the power of current OFRAK. Learn more.
Friendly advice from Red Balloon Security: Just pay the extra $2 Recently, we wanted to use some wired headphones with an iPhone, which sadly lacks a headphone jack. The nearest deli offered a solution: a Lightning-to-headphone jack adapter for only $7. Got to love your local New York City bodega.ย ย But a wrinkle appeared: […]
Weโre one of 16 teams chosen to enhance the secure operation of 5G infrastructure. Red Balloon Security has received a $682,000 award from the National Science Foundationโs Convergence Accelerator Program, which includes participation in Phase 1 of the programโs Track G: Securely Operating Through 5G Infrastructure. The Department of Defense is aligned with the NSF […]
The release of RBSโs firmware reverse engineering tool is consistent with government and industry calls for higher security standards.
The TL;DR? We used OFRAK to rewrite the badge firmware so that it auto-plays the solution for Challenge 1. Check out our video and full breakdown.
Red Balloon Security White Paper ย Defending From Within: Why Embedded Systems Are the Essential to Achieving Space and Satellite Cybersecurityย Table of Contents: ย Executive Summaryย ย State of Cybersecurity in Space and Satellite Systemsย The Global Landscape 3 Shaping a Safer Futureย ย RedBalloonSecurity Investigationsย CyberLeo 2022ย Defend from Within: Symbiote Embedded Defense for […]
What’s in a vulnerability: Evaluating host-based defense through recent ICS device data We analyzed data from the national vulnerability database to assess the applicability of on-device security features Whether they are discovered by independent researchers, manufacturers, or cyber attackers, device vulnerabilities traditionally have been remedied via patching. Although reactive, patchingโs effectiveness is easy enough to […]
Protections at the device level are not a replacement for security controls in OT systems and networks. Theyโre a necessary extension of them. Embedded devices in industrial control systems (ICS) operate within an increasingly complex array of systems, networks and protocols. The complexity is only increasing as end users require more insight into how ICS […]
The Ukrainian conflict amplified serious questions about satellite security in this yearโs conference. But questions arenโt action, which is needed now to protect this critical industry.ย The Ukrainian conflict amplified serious questions about satellite security in this yearโs conference. But questions arenโt action, which is needed now to protect this critical industry.ย The Ukrainian conflict […]
ADVENTURES OF CAPTAIN OBVIOUS ISSUE #24.2 The Cybersecurity Chronicles: Red Balloon Securityโs graphic depiction of real-world questions.
Multi-step analysis and calibration: How Symbiote integration works RBSโs core technology is highly effective in any embedded device environment, from cars to heavy industry, because it does not require access to source code, or any hardware modifications. Multi-step analysis and calibration: How Symbiote integration works RBSโs core technology is highly effective in any embedded device […]
A new report on ICT supply chains helps frame the ongoing threats to the essential code in embedded devices. A new report on ICT supply chains helps frame the ongoing threats to the essential code in embedded devices. A new report on ICT supply chains helps frame the ongoing threats to the essential code in […]
ADVENTURES OF CAPTAIN OBVIOUS ISSUE #17.5 The Cybersecurity Chronicles: Red Balloon Securityโs graphic depiction of real-world questions.
SHMANCYBEAR: A RANSOMWARE PROOF OF CONCEPT Watch this video for a short-take of our ground-breaking research, which was covered in Bloomberg, TechCrunch, ISS Source, Smart Energy International and elsewhere. This is a demonstration that should push embedded devices to the forefront of cybersecurity discussions.
The electrical grid depends on protection relays. Our analysis of the hardware and firmware in three models should raise concerns about the state of the industryโs overall security โ and safety. Ask any Texan who endured the power outages during a severe winter storm in February 2021 about the critical nature of the electrical grid, […]
Red Balloon Securityโs groundbreaking research has found a means of implementing ransomware on a protection relay. The process is repeatable โ and general to embedded devices. Thanks to a spate of high-profile ransomware attacks in recent years, the cyber insecurity of critical infrastructure has lodged in the public consciousness and sparked grave concerns among leaders […]
Sal Stolfo was an original founding member of Red Balloon Security, Inc.
ยฉ 2022 Red Balloon Security.
All Rights Reserved.
ยฉ 2022 Red Balloon Security. All Rights Reserved.
Reach out to learn more about our embedded security offering and to schedule a demo.
Reach out to learn more about our embedded security offering and to schedule a demo.
Reach out to learn more about our embedded security offering and to schedule a demo.
Reach out to learn more about our embedded security offering and to schedule a demo.