Research Blog

Published blog posts from the team


Blog Posts


PwnAssistant - Controlling /home's via a Home Assistant RCE

This blog post provides a summary of the Home Assistant architecture, its attack surface, and our approach to auditing pre-authentication components. It summarises and links to a few published advisories, including a Critical pre-authentication vulnerability.




Cracking the Odd Case of Randomness in Java

This blog post details a technique for breaking Apache Commons Lang's RandomStringUtils and Java's random.nextInt(bound) when the bound is odd. A tool is released which demonstrates the practicality of the attack.




Golang code review notes

This blog post aims to help people performing security code reviews on Golang code bases identify dangerous code patterns.




ESP-IDF setup guide

This post is for vulnerability researchers who are looking at the ESP32 and would like a quick setup guide.