Research Blog

Published blog posts from the team

Blog Posts


PwnAssistant - Controlling /home's via a Home Assistant RCE

This blog post provides a summary of the Home Assistant architecture, attack surface, and our approach to auditing pre-authentication components. This post summarises and links to a few published advisories, including a Critical pre-authentication vulnerability.


Cracking the Odd Case of Randomness in Java

This blog post details a technique for breaking Apache Commons Lang's RandomStringUtils and Java's random.nextInt(bound) when the bound is odd. A tool is released which demonstrates the practicality of the attack.


Golang code review notes

This blog post aims to help people performing security code reviews of Golang code bases identify dangerous code patterns.


ESP-IDF setup guide

This post is for vulnerability researchers who are looking at the ESP32 and would like a quick setup guide.