Resources

This blog post takes a brief look at TLS and certificate pinning, the problem of trust in Certificate Authorities that pinning attempts to address.

This blog post details exploitation of arbitrary deserialization for the Ruby programming language and releases the first public universal gadget chain.

Reviewing the security of the Fuze card device revealed no trust boundary between the card and the connecting device, allowing access to stored credit-card information.

Analysing a vulnerability in all versions of the GoAhead web server < 3.6.5 that allowed for reliable remote code execution via LD_PRELOAD injection.

How to use Kubler to build hardened, minimalistic, Docker Images from scratch for better security.

We take a brief look into Radio Frequency (RF) theory, Software Defined Radio (SDR), and visual analysis of various RF signal characteristics.

Analysis of compiler stack canaries and their implementation across various architectures.

We decided to audit libotr to gauge its general maturity. This post shares some of our work from the audit.

Journey of hunting for bugs in the WAG54G routers http daemon to find a way to remotely flash C&C firmware (pre-auth).

First part in a series of reviews against IM clients promoted by the EFF secure messaging scorecard.

Illustrated guide on identifying and interfacing with the serial pinout exposed on the Linksys WAG54G home router, useful for debugging and exploit dev.

An analysis of the browser threat landscape and reasoning about browser security for the family user.