When Qiling Framework Meets Symbolic Execution

Ever since the release of Qiling Framework in 2019, It provides reverse engineers with the best instrumentation experience across the industry. Various tools build on top of Qiling Framework for dynamic analysis purposes. But, there is one thing missing in the framework, symbolic execution. Symbolic execution is one of the most powerful strategies to automate […]


YesWeHack is a Global Bug Bounty and VDP Platform. Founded in 2013, YesWeHack was created by hackers, for hackers. We are committed to provide quality programs for our community and we are working very hard to be the best and fairest crowdsourced security platform out there. YesWeHack is not just a Bug Bounty platform. We also provide community tools and […]

A QEMU Black Box Escape via USB Device

As the most popular open-source cloud architecture, OpenStack uses Qemu-KVM as the virtualization implementation of its computing nodes. Therefore, the threat of vulnerabilities in Qemu is very noteworthy for cloud platform security. Although Redhat fixes a large number of vulnerabilities in Qemu every year, most of them will not affect OpenStack because they just exploit […]

Insecure Link: Security Analysis and Practical Attacks of LPWAN

With the rapid development of the Internet of Things technology, many new smart scenarios have emerged in recent years, such as smart cities and smart agriculture. The popularity of these new scenarios is inseparable from the rapid development of LPWAN (low-power wide-area network). In LPWAN, the two most mainstream technologies are LoRaWAN and NB-IoT, with […]

Attacking Cloud Native Kubernetes with CDK

Containers offer speed, performance, and portability, but do they actually contain? While they try their best, with the rapid growth of cloud-native containers, several Cloud Service Providers are deploying Kubernetes in production to support customer multitenancy in their Serverless and CaaS offerings. Are they actually contain? Where is the weakness and how to exploit it? […]

X-in-the-Middle : Attacking Fast Charging Electric Vehicles

Electric vehicles represented by Tesla are changing the way people travel. How to safely and quickly charge electric vehicles is a problem that manufacturers of electric vehicles and charging piles need to solve. We conducted an in-depth analysis of the security of the DC fast charging communication protocol, and found many interesting findings. This talk […]