Our Research

Ruby 2.x Universal RCE Deserialization Gadget Chain

This blog post details exploitation of arbitrary deserialization for the Ruby programming language and releases the first public universal gadget chain to achieve arbitrary command execution for Ruby 2.x.

Fuze Multi-Card Technology Security Review

Reviewing the security of the Fuze card device revealed no trust boundary between the card and the connecting device, which allowed complete access to the Fuze card's settings and stored credit-card information. This may easily be abused by malware, or through a direct connection by an attacker with momentary physical access. The issue was disclosed to the vendor in January 2018.

Remote LD_PRELOAD Exploitation

Analysing a vulnerability in all versions of the GoAhead web server < 3.6.5 that allowed for reliable remote code execution via LD_PRELOAD injection.

Building Hardened Docker Images from Scratch with Kubler

How to use Kubler to build hardened, minimalistic Docker images from scratch for better security.

Intro to SDR and RF Signal Analysis

We take a brief look into Radio Frequency (RF) theory, Software Defined Radio (SDR), and visual analysis of various RF signal characteristics. We discover a good methodology for reversing RF signals, along with some simple analysis of some common RF remote devices that might be found around the home.
