Research Blog

Published blog posts from the team

Blog Posts


Simple Bugs With Complex Exploits

This blog post details a root cause analysis for Project Zero Issue 2046 found by Sergey Glazunov.


Lua SUID Shells

This blog post explores how privileged Lua scripts can pop shells without dropping privileges.


Hacking with Environment Variables

A look into how scripting language interpreters can execute arbitrary commands when supplied with malicious environment variables.


Are you winning if you're pinning?

This blog post takes a brief look at TLS and certificate pinning, the problem of trust in Certificate Authorities that pinning attempts to address, and discusses whether the lack of certificate pinning in a mobile application constitutes a vulnerability.