We are specialized in all areas within the domain of IT Security. See what we're researching, and catch up on interesting security news.

Assured at Security Fest 2022

Takeaways from Security Fest 2022, Gothenburg's big two day security conference!

Reflections from VECS 2022

Showcase from our participation at the Vehicle Electronics & Connected Services exhibition.

Accidental Intrusion, CVE-2022-1215

We found a way to bypass your lock screen (or whatever, you're root), by accident! Here's how we found it.

2022 - The year of Post Quantum Cryptography

What are the implications of quantum computing on the most common cryptographic algorithms and ciphers? We take a look at symmetric cryptographic algorithms like AES and asymmetric algorithms like RSA and Elliptic Curve.

Notes from the Log4Shell OWASP Meetup

A short summary of what was talked about during the Log4Shell meetup hosted by OWASP Gothenburg with some discussion on the background of the vulnerability, mitigation strategies and predictions.

Mullvad DNS over HTTPS server audit

Our good friends at Mullvad asked us to publish the report for a pentest we conducted on their DNS over HTTPS servers.

NTS whitepaper from Netnod

Assured has been involved in the development of the NTS standard and the first high capacity hardware implementation of NTS. Netnod has published a whitepaper explaining NTS.

A Brief Look at Open Security Keys. Part one: Solokeys

SoloKeys claims to be the first open-source FIDO2 security key. Let's open up a device to find out more about the licenses used, the hardware and the software design.

Some Notes on the Lightweight Block Cipher PRINCE

What is a lightweight block cipher? We take a look at the PRINCE algorithm - its uses, security traits and a hardware implementation.

Google Cloud Platform (GCP) Security Best Practices

A walkthrough of a couple of Google Cloud Platform (GCP) features with security recommendations and advice on how to configure your GCP environments.

CAN Hack! A hands-on automotive security course

We are offering a course on automotive security, called CAN Hack! The course is aimed at anyone interested in the security of connected vehicles. It combines theoretical lectures with hands-on challenges against a physical, simulated car.

The Little Black Book of Scams

A recommendation for a book which covers some useful security-related topics and many of the most commonly used scams and is certainly worth taking a look at, and to share with your friends and family.

TLS 1.3 in a nutshell

This article provides a brief TLS 1.3 overview. With TLS 1.3 and HTTP/2, the internet engineers are demonstrating a big commitment to reducing the impact of network latency to system performance and user experience!

Open Source Security Monitoring in AWS

As more and more businesses are moving their infrastructure from physical on premise devices to cloud services they are hitting obstacles when it comes to monitoring their cloud-infrastructure. If there's a tight budget for security monitoring, we provide a cheap way to do this without changing the infrastructure.

Comment on EFAIL

EFAIL is the name of a series of vulnerabilities in OpenPGP and S/MIME. Here we discuss the issues a bit.

Training to become an Assured Ninja

Assured's training program is for new-hires to create confident Assured consultants and security experts.

Nytt sätt att hitta kolliderande nycklar i strömkryptot RC4

(Swedish) Ännu en spik i kistan för det numera utdaterade strömkryptot RC4, med ett nytt sätt att hitta kolliderande nycklar.

TLS Fuzzers and Extending TLSFuzzer

Looking closer at TLSFuzzer, an exceptionally easy to understand fuzzing framework.