Ricerca Security

We are thrilled to announce that our researcher Akira Moroo (@retrage) and CEO Ren Kimura (@RKX1209) will be speaking at HITCON CMT 2024 in Taiwan! Title: Lessons Learned from a 4-Year Journey on Developing a Generic Fuzzing Framework hitcon.org/2024/CMT/agend…

In the final part of our Fuzzing Farm series, we provide technical analysis and a PoC for CVE-2022-24834, an RCE vulnerability in Redis we found. While we reported it in 2022, the bug detail was disclosed last week. If you use Redis, patch it immediately. ricercasecurity.blogspot.com/2023/07/fuzzin…

This is part 3 of our Fuzzing Farm series. Our team is also working on 1-day and 0-day exploits. In this article, we explain the process of developing a Proof of Concept (PoC) for undisclosed bugs, using a CVE of Google Chrome as an example. ricercasecurity.blogspot.com/2023/07/fuzzin…

This is part 2 of our Fuzzing Farm series. Our team is not only working to develop and utilize fuzzers, but also to evaluate and improve them. In this article, we discuss some pitfalls and insights when evaluating fuzzers. ricercasecurity.blogspot.com/2023/07/fuzzin…

Our Fuzzing Farm team is developing and utilizing fuzzers. We will be sharing their work over the next 4 blog posts, starting this week. The first post covers how to find bugs and identify their root cause through fuzzing. ricercasecurity.blogspot.com/2023/07/fuzzin…

We will be publishing an English version of the technical series "Fuzzing Farm," which was well-received in Japanese. The series will be released from this week to next week. The final day will feature a technical article explaining the exploitation of CVE-2022-24834. Stay tuned!

We have reported an RCE vulnerability in Redis, which is assigned as CVE-2022-24834. The patch was released yesterday and we recommend applying it promptly. We will be publishing the writeup and PoC next week. Stay tuned! redis.com/blog/security-…

The qualifying round for DEF CON CTF, the world's largest hacking competition, took place last month. For the second year in a row, the team with our company staffs qualified for the finals, placing 11th out of 535 teams worldwide (1st in Japan).

🏁Ricerca CTF 2023 has just ended🏁 #RicercaCTF 2023 is over! Thank you for your playing

🚩Ricerca CTF 2023 🚩 6 hours past since the start. 6 hours to go. #RicercaCTF Registration is still open. Visit 2023.ctf.ricsec.co.jp to play the CTF.

🚩Ricerca CTF 2023 has just started🚩 #RicercaCTF 2023 runs for 12 hours and ends at Apr 22 (Sat) 13:00 UTC. Visit 2023.ctf.ricsec.co.jp to play the CTF.

🚩Ricerca CTF 2023 registration is open🚩 We’ve just opened the registration for #RicercaCTF 2023 which starts tomorrow, Apr 22 (Sat) 01:00 UTC. Visit 2023.ctf.ricsec.co.jp to play the CTF. Challenges with a wide range of difficulty from rev, pwn, crypto, web, etc.

🚩Ricerca CTF 2023 website is now available🚩 The website of #RicercaCTF is now open. We are also proud to announce the authors. The event will take place next weekend: Sat, April 22, 2023. Registration will be open soon. Visit 2023.ctf.ricsec.co.jp for more information.

Our RCABench papers, presentation slides, and code are now publicly available! bar2023.github.io/program

Our SLOPT paper is now open access & the repository is also publicly available! dl.acm.org/doi/abs/10.114… github.com/RICSecLab/SLOP…

🦾 Our cybersecurity training is released 🦾 Participants can learn vulnerability analysis and exploit techniques, targeting everything from simple programs to kernel drivers. Customized training is also available. Visit ricsec.co.jp/en/news/traini… for more information.

We are honored to receive the best paper at #NDSS2023 #bar2023 ! Huge thanks to all the R&D teams involved in RCABench. twitter.com/machiry_msidc/…

Our paper "RCABench: Open Benchmarking Platform for Root Cause Analysis" has been accepted at the NDSS BAR 2023 workshop!

#RicercaCTF 2023 will be held on Saturday, April 22, 2023. The event will last 12 hours from 10:00 to 22:00 JST. We will announce details in April on CTFtime and Ricerca Security's official Twitter account. ricsec.co.jp/news/ricercact…

The denial-of-service (DoS) vulnerability in tdpServer of TP-Link RE300 V1 (CVE-2022-41783) that was reported by our security engineer has been disclosed. Please visit jvn.jp/en/jp/JVN29657… for more information.