elttam

Research Blog

Published blog posts from the team


Blog Posts


1

Simple Bugs With Complex Exploits

This blog post details a root cause analysis for Project Zero Issue 2046 found by Sergey Glazunov.




1

Lua SUID Shells

This blog post explores how privileged Lua scripts can pop shells without dropping privileges.




1

Hacking with Environment Variables

A look into how scripting language interpreters can execute arbitrary commands when supplied with malicious environment variables.




1

Are you winning if you're pinning?

This blog post takes a brief look at TLS and certificate pinning, the problem of trust in Certificate Authorities that pinning attempts to address, and discusses whether the lack of certificate pinning in a mobile application constitutes a vulnerability.