Explore our Blog

At elttam, research and development is at our core. We investigate novel technical problems identified in the field, and are passionate about staying on the bleeding edge of recent developments and emerging technologies.

Our research blog showcases posts from our team on novel research pieces, tools, and vulnerabilities.




Blog Ruby 2.x Universal RCE Deserialization Gadget Chain

By Luke Jahnke November 08, 2018

This blog post details exploitation of arbitrary deserialization for the Ruby programming language and releases the first public universal gadget chain to achieve arbitrary command execution for Ruby 2.x.

Blog Fuze Multi-Card Technology Security Review

By Mykel Pritchard April 24, 2018

Reviewing the security of the Fuze card device revealed no trust boundary between the card and the connecting device, which allowed complete access to the Fuze card's settings and stored credit-card information.

Blog Remote LD_PRELOAD Exploitation

By dan December 18, 2017

Analysing a vulnerability in all versions of the GoAhead web server < 3.6.5 that allowed for reliable remote code execution via LD_PRELOAD injection.

Blog Building Hardened Docker Images from Scratch with Kubler

By berne November 16, 2017

How to use Kubler to build hardened, minimalistic Docker images from scratch for better security.

Blog Intro to SDR and RF Signal Analysis

By Mykel Pritchard June 15, 2017

We take a brief look into Radio Frequency (RF) theory, Software Defined Radio (SDR), and visual analysis of various RF signal characteristics. We discover a good methodology for reversing RF signals, along with some simple analysis of some common RF remote devices that might be found around the home.

Blog Playing with canaries

By hugsy January 24, 2017

Analysis of compiler stack canaries and their implementation across various architectures.

Blog EFF secure messaging scorecard review

By mattdan August 11, 2016

We decided to audit libotr to gauge its general maturity. This post shares some of our work from the audit, and also some recommendations for software security relevant to the EFF Secure IM Scorecard work.

Blog Vuln research on the WAG54G home router

By daniel June 02, 2016

Journey of hunting for bugs in the WAG54G router's HTTP daemon. The end goal of this research is to find a way to remotely flash C&C firmware (pre-auth), while learning a thing or two along the way... hey, we'd never actually touched MIPS assembly before this!

Blog A review of the EFF secure messaging scorecard...

By mattdan February 03, 2016

First part in a series of reviews against IM clients promoted by the EFF secure messaging scorecard, drawing from real examples to demonstrate the dependency between privacy and security. Findings have been patched in the latest release of RetroShare.
