Hunting 0-days in Cisco DCNM with ShiftLeft Ocular
Hunting 0-days in Cisco Data Center Network Manager (DCNM) with ShiftLeft OcularSince the CVEs are now public, it’s time to show how ShiftLeft Ocular was used to discover three zero-day vulnerabilities in Cisco DCNM in a matter of hours while sipping some coffee and ranting about the incessant rains in ... Read More
Zero-Day Snafus — Hunting Memory Allocation Bugs
Zero-Day Snafus — Hunting Memory Allocation BugsPrefaceLanguages like C/C++ come with the whole “allocation party” of malloc, calloc, zalloc, realloc and their specialized versions kmalloc etc. For example, malloc has a signature void *malloc(size_t size) which means one can request an arbitrary number of bytes from the heap and the function returns ... Read More
Efficiently Testing Pipelined Microservices
Behind the magically populating dashboards of ShiftLeft lies a complex web of services. We have the state-of the art code property graph generation and querying systems that run on each incoming code artifact, squeezes the security DNA from it and uses it at runtime for providing immediate value of identifying ... Read More
