Ophir Harpaz

@[email protected]
42 Followers
9 Following
3 Posts
It's pronounced `Awe-'fear`. Security research team lead at @Akamai (prev @Guardicore). Vegan for life.
Ophir HarpazJan 25, 2023

Really excited to share this piece of research from @TomerPeled92 and @yoni.

The two managed to sophisticatedly exploit an MD5 collision vulnerability in CryptoAPI (disclosed by the NSA & NCSC).

Our blog details everything from root cause to exploitation:
https://akamai.com/blog/security-research/exploiting-critical-spoofing-vulnerability-microsoft-cryptoapi

Link to PoC and demo: https://github.com/akamai/akamai-security-research/tree/main/PoCs/CVE-2022-34689

Ophir HarpazDec 19, 2022

Our RPC toolkit (https://github.com/akamai/akamai-security-research/tree/main/rpc_toolkit) was updated today with even more stuff from Ben Barnea (@nachoskrnl on Twitter):

* a flowchart describing the various security protections that can stop a remote RPC request

* two new blog posts, one on RPC security and the other on Ben's LSM vulnerabilities

akamai-security-research/rpc_toolkit at main · akamai/akamai-security-research

This repository includes code and IoCs that are the product of research done in Akamai's various security research teams. - akamai-security-research/rpc_toolkit at main · akamai/akamai-security...

GitHub
Ophir HarpazDec 1, 2022
It was high time that I finally understood VM entries and exits properly. My diagram is far from complete but I think it's better than Intel's 😏