Research Blog

Published blog posts from the team

Blog Posts


RE of LR3

This blog post provides a walk-through of ESP32 firmware extraction and analysis to understand the technical implementation of the Litter Robot 3.


Abusing Amazon VPC CNI plugin for Kubernetes

This blog post covers exploring the Amazon VPC CNI plugin for Kubernetes, and how it can be abused to manipulate networking to expose access to other resources, including in other VPCs.


PwnAssistant - Controlling /home's via a Home Assistant RCE

This blog post provides a summary of the Home Assistant architecture, attack surface, and our approach auditing pre-authentication components. This post summarises and links to a few published advisories, including a Critical pre-authentication vulnerability.


Cracking the Odd Case of Randomness in Java

This blog post details a technique for breaking Apache Commons Lang's RandomStringUtils and Java's random.nextInt(bound) when the bound is odd. A tool is released which demonstrates the practicality of the attack.