Latest Blog & Advisories
- Circumvent IMDSv2 using Gopher Protocol
  Title: Circumvent IMDSv2 using Gopher Protocol
  McAiden Vulnerability No.: MIDA2025-0005
  Product: AWS
  Publish: 2025-04-25
  By: McAiden Research Lab
  Introduction: In the ever-evolving landscape of cloud security, Amazon Web Services (AWS) has introduced several mechanisms to harden its infrastructure — and one of the most notable is the transition from IMDSv1 to IMDSv2. This new metadata…
- MIDA2025-0003: Establishing Key for End-to-End Encryption
Key exchange is a fundamental step in establishing end-to-end encrypted (E2EE) communication. A secure key exchange ensures that only intended parties can derive and use the shared secret for further encryption and authentication. This advisory recommends practical and secure methods for performing key exchange in E2EE applications, tailored for modern security requirements and aligned with…
- MIDA2025-0002: Certificate Pinning Is Not Outdated if You Do It Right
  Title: Certificate Pinning Is Not Outdated if You Do It Right
  McAiden Vulnerability No.: MIDA2025-0002
  Product: Android
  Found: 2025-02-03
  By: Nutthanon Thongcharoen (McAiden Consulting Co., Ltd.), Pumipat Korncharornpisuit (McAiden Consulting Co., Ltd.)
  McAiden Research Lab
  On July 29, 2024, Cloudflare published a blog post titled “Avoiding downtime: modern alternatives to outdated certificate pinning practices” (https://blog.cloudflare.com/why-certificate-pinning-is-outdated/),…