Research

SootUp vs. Soot - Is The New Static Analysis Library Ready For Use?

12 Nov 2024 - Sigmund Gorski
This blog post compares the static analysis library SootUp to its predecessor Soot to determine areas of improvement, areas that still need work, and how fit SootUp is to be used in actual tool development.

A Rhino of a Problem - Assembling Call Stacks for Rhino Polyglot Code

04 Nov 2024 - Sigmund Gorski
This blog post demonstrates Rhino Tracker, a solution for analyzing Rhino polyglot code.

Practical Jazzer for the Snazzy Fuzzer

28 Oct 2024 - Sam Shahsavar
We will review some lessons learned and tips for effectively fuzzing your applications with Jazzer.

Thinking About CVE-2023-21967, an OpenJDK Vulnerability

06 Oct 2023 - Sam Shahsavar, with contributions from Sofiane Talmat
We will analyze and build a POC for CVE-2023-21967, a vulnerability in OpenJDK.

Defeating MFA Number Challenges through Phishing

06 Sep 2023 - Paul Marrapese
Push verifications with an extra number challenge step have become a popular multi-factor authentication strategy. But, does this extra step actually offer any added protection against hackers?

DEFCON31 - ELF 64-bit Stack Based Buffer Overflow

05 Sep 2023 - Royce Davis
recently had the pleasure of attending DEFCON31 at Caesars Forum in Las Vegas. A few of us on the Red Team decided to...