Labs
Take a look at our tools, presentations, and policies.
Advisories
- Edison Mail Advisory – August 2019
- Qolsys Advisory – October 2015
- Systech Advisory – April 2016
- Sierra Wireless Advisory – June 2016
- Netcomm Wireless Advisory – June 2016
Slides
- 2016 April – Computers Everywhere (IoT)
- 2016 August – pin2pwn: How to Root an Embedded Linux Box with a Sewing Needle
Tools
Disclosure Policy
Whitepapers
Network monitoring with nmap
Asset management is a problem we help many of our customers with. What are an organization's assets, and how accurate and up-to-date is this information? Even with a mature asset management program, organizations want some form of validation of their result. From a...
Abusing WebViews to Steal Files via Email
A few months ago, I was testing the email functionality on a company's contact us page, when I sent an email to myself containing: <script> alert("Hi, It's almost lunch time") </script> It actually was close to lunch time, so I wrapped up testing and waited for...
Carve Contest + Wargame: Exploiting Misconfigured Sudo
Wear’s the MITM?
Recently, we needed to man-in-the-middle TLS traffic coming from an Android Wear application. On a regular Android app, this would be an easy thing to do, but we started to run into trouble pretty quickly on the only Android watch that we had at our disposal, the 1st generation LG Watch Urbane. What made the […]
pin2pwn: How to Root an Embedded Linux Box with a Sewing Needle
One of the most critical issues that we look for when we assess an embedded/IoT device is secrets that are shared across the device population. Usually, finding these secrets involves gaining full access to our own device in order to find out how other devices may be affected. For example, an LTE router may have […]