First analysis of Apple's USB Restricted Mode bypass (CVE-2025-24200)
Apple released iOS 18.3.1 (build 22D72) to patch a vulnerability tied to the Accessibility framework and reported by Citizen Lab. Let's analyze it!
In this blog post we explain the consequences of asking our R&D boss for a Steam Deck as a Christmas gift. It involves a couple of vulnerabilities, limited primitives, challenging exploitation and a long disclosure process.
This blog post presents our fuzzer for the Bluetooth Low Energy GATT layer and the related vulnerabilities found with it.
We discovered several vulnerabilities impacting the boot chain of several Samsung devices. Chained together, they allow us to execute code in the bootloader, get root access on Android with persistence, and finally leak anything from the Secure World's memory, including the Android Keystore keys.
The following article explains how, during an audit, we took a look at Apache Superset and found bypasses (by reading the PostgreSQL documentation) for the security measures implemented.
The following article explains how, during a Purple Team engagement, we were able to identify a vulnerability in Microsoft Teams on macOS allowing us to access a user's camera and microphone.
Following a brief introduction to differential fuzzing, this blog post reviews the leading tools that leverage it for testing cryptographic primitives. In the second half, we present a method for creating a differential fuzzer along with the results we obtained.
Discovery of two vulnerabilities (CVE-2024-34065) in Strapi, an open source content management system. In this post we explain how these vulnerabilities, if chained together, allow authentication to be bypassed.
Passbolt, an open source password manager, uses the Pwned Passwords service from HaveIBeenPwned to alert users if their password is present in a previous data breach. The Pwned Passwords API is based on a mathematical property known as k-Anonymity, guaranteeing that it never gains enough information about a non-breached password hash to be able to breach it later. Sounds good, right?