Blog Posts
This blog post details a root cause analysis for Project Zero Issue 2046 found by Sergey Glazunov.
This blog post explores how privileged Lua scripts can pop shells without dropping privileges.
A look into how scripting language interpreters can execute arbitrary commands when supplied with malicious environment variables.
This blog post takes a brief look at TLS and certificate pinning, the problem of trust in Certificate Authorities that pinning attempts to address, and discusses whether the lack of certificate pinning in a mobile application constitutes a vulnerability.