Hero

APPLIED RESEARCH

elttam’s Applied Research service helps organisations understand and respond to nuanced security challenges which requires deep security expertise.

Our team has specialised skills assessing emerging technologies, supply chain security, and security products and controls.

coverage

Research-driven assessments

Areas of expertise

Emerging Technologies
Emerging Technologies
Supply Chain Security
Supply Chain Security
Mitigating Controls
Mitigating Controls
Security Features and Products
Security Features & Products
Open-source Software
Open-source Software
Vulnerability Research
Vulnerability Research






approach

Deep technical expertise for niche challenges

In today’s world the threat landscape is always evolving. With many organisations building technologies that are highly targeted by skilled threat actors, which requires them to extend beyond typical assurance practices to apply research to support focusing on high-risk attack surfaces and nuanced vulnerabilities.

At elttam, our team has experience working alongside leading organisations that have advanced threat models, where deep technical expertise is essential to understand the relevant threats to uncover tangible insights and drive strategic countermeasures.

Outcomes

Deliverables

For our applied research assessments, we tailor the deliverables in accordance with our customers requirements. This often includes a technical report and supporting technical artefacts, proof-of-concept code, and bespoke tooling.

Icon Identify advanced security vulnerabilities
Icon Understand critical supply chain risks
Icon Stay on the pulse of emerging threats
Icon Bolster critical security controls

Latest from Our Blog

view all articles
Blog Gotchas in Email Parsing - Lessons From Jakarta Mail

By Jia Hao Poh November 17, 2025

This writeup goes through the various primitives in Jakarta Mail that could lead to high impact bugs if developers are unaware of the library's quirks. Primitives discussed here here can be applied to other mail parsing libraries.

Blog New Method to Leverage Unsafe Reflection and Deserialisation to RCE on Rails

By Alex Brown March 04, 2025

This blog article documents a new unsafe reflection gadget in the sqlite3 gem, that can also be used in a deserialisation gadget chain to achieve RCE and is installed by default in new Rails applications.

Blog A Monocle on Chronicles

By Matt October 02, 2024

This post provides an overview of Talkback Chronicles for viewing snapshots of trending infosec resources for points in time, and also how to subscribe to a new weekly Newsletter feature.

view all articles