Research Blog

Published blog posts from the team


Blog Posts


1
By Luke Jahnke November 08, 2018

Ruby 2.x Universal RCE Deserialization Gadget Chain

This blog post details exploitation of arbitrary deserialization for the Ruby programming language and releases the first public universal gadget chain to achieve arbitrary command execution for Ruby 2.x.
ruby deserialization




1
By Mykel Pritchard April 24, 2018

Fuze Multi-Card Technology Security Review

Reviewing the security of the Fuze card device revealed no trust boundary between the card and the connecting device, which allowed complete access to the Fuze card's settings and stored credit-card information.
mobile bluetooth embedded device code review reversing exploitation poc CVE-2018-9119




1
By dan December 18, 2017

Remote LD_PRELOAD Exploitation

Analysing a vulnerability in all versions of the GoAhead web server < 3.6.5 that allowed for reliable remote code execution via LD_PRELOAD injection.
exploitation code review CVE-2017-17562




1
By berne November 16, 2017

Building Hardened Docker Images from Scratch with Kubler

How to use Kubler to build hardened, minimalistic, Docker Images from scratch for better security
docker kubler devops