A home for publications, including slides/papers, proof-of-concepts, videos and tools.
For blog posts, see the elttam blog, and for our services, see our website.
| Date | Type | Event | Title | Resources |
|---|---|---|---|---|
| 2024 | preso | Appsec and Devsecops Summit Melbourne | Adaptive Code Assisted Security Assessments | pdf slides |
| 2024 | preso | Ruxmon Melbourne | Causing Funky Things in your NodeJS Servers | pdf slides |
| 2024 | preso | CrikeyCon | Keeping up with the Pwnses: An overview of Talkback | pdf slides |
| 2024 | adv | - | OTA Anti-Rollback Bypass via TOCTOU in ESP-IDF | CVE-2024-28183.md GHSA-22x6-3756-pfp8 |
| 2023 | adv | - | Apache Guacamole: Integer overflow in handling of VNC image buffers | CVE-2023-43826.md |
| 2023 | adv | - | STMicroelectronics STSAFE: I2C Receive buffer overflow | CVE-2023-50096.md |
| 2023 | adv | - | Label Studio: Hardcoded Django SECRET_KEY that can be Abused to Forge Session Tokens | CVE-2023-43791.md |
| 2023 | adv | - | Label Studio: Object Relational Mapper Leak Vulnerability in Filtering Task | CVE-2023-47117.md |
| 2023 | adv | - | Drupal core: cache poisoning vulnerability | CVE-2023-5256.md |
| 2023 | adv | - | Ruby on Rails: Possible XSS via User Supplied Values to redirect_to | CVE-2023-28362 |
| 2023 | writeup | - | RCE and other issues in Home Asisstant | home-assistant |
| 2023 | preso | Ruxmon Melbourne | Cracking the odd case of randomness in Java | pdf slides |
| 2022 | adv | - | Memory corruption in libksba | CVE-2022-47629.md |
| 2022 | preso | Budapest Infosec Meetup | Airplane Hacking | airplane-hacking.pdf |
| 2022 | writeup | - | LFI in inkscape via SVG injection | inkscape-xml.md |
| 2021 | preso | Yascon | Canotary: How to find and bypass Canarytokens | github.com, youtube.com |
| 2021 | preso | ISACA Melbourne | IoT Security Assessment Insights | pptx slides |
| 2020 | adv | - | FreeBSD kernel fs info leaks | cve-2020-25578.txt, cve-2020-25579.txt |
| 2020 | poc | - | Tuya IoT EZ Mode (Tuya Link) WiFi Credential Sniffer | tuya-live-extract.py |
| 2020 | preso | Airgap | haha v8 engine go brrrrr | youtube.com |
| 2019 | preso | BSides Perth | Understanding the Chromium Sandbox on Windows | pptx slides |
| 2019 | preso | OWASP Australia | Secure SDLC Speedrun | youtube.com |
| 2019 | preso | OWASP Australia | Session IPA: Sessions' Interesting Protection Anomalies | youtube.com, pdf slides |
| 2019 | preso | Ruxmon Melbourne | Little Black Book of Libc: Exploring the security properties of multiple libc implementation | github.com |
| 2019 | preso | Bsides Canberra | Kubernetes Security | youtube.com, pdf slides |
| 2018 | preso | BSides Perth | OpenSSH security | pdf slides |
| 2018 | poc | - | Fuze Card Paired Data Retrieval PoC | CVE-2018-9119.py |
| 2018 | preso | SDR Melbourne | Reversing BLE to Steal Your Wallet (CVE-2018-9119) | blog post |
| 2017 | poc | - | GoAhead httpd/2.5 to 3.6.5 LD_PRELOAD remote code execution exploit | CVE-2017-17562/ |
| 2017 | preso | Ruxmon Melbourne | BitcoinCTF III | pdf slides |
| 2017 | poc | - | Firejail TOCTOU privilege escalation | firejail-toctou.md |
| 2016 | adv | - | Advisory for multiple vulnerabilities in Retroshare | retroshare-advisory.pdf |
| 2016 | preso | BSides Canberra | EFF Secure IM Scorecard Review | blog post |