Research Archives

Blog

Analysis and Summary of CVE-2023-23410, HTTP Elevation of Privilege Vulnerability

In March 2023, two vulnerabilities were discovered in HTTP: a local elevation of privilege vulnerability and an RCE Vulnerability.

April 20, 2023

Blog

Introduction to Zero-Knowledge Proof Part 2

The second of a six-part series on the Introduction to Zero-Knowledge Proofs to help everyone better understand the concept.

February 16, 2023

Blog

Numen Vulnerability Researcher Discovers Apache Linkis Deserialization Vulnerability

Our researcher discovered a deserialization vulnerability that can result in remote code execution in Apache Linkis.

February 2, 2023

Blog

The Story of a High-Risk Vulnerability in Move Reference Safety Verify Module

After a bout of deep research, we found another high-risk vulnerability which is an integer overflow.

January 31, 2023

Blog

CVE-2022–36537 Vulnerability Technical Analysis with Exp

ZK is the top open-source Java web framework for creating enterprise web applications with over 2 million downloads.

January 31, 2023

Blog

Text4Shell Vulnerability Technical Analysis — What Exchanges and Other Institutions Need to Pay Attention To

Using untrusted configuration values can result in vulnerability to remote code execution with a NVD score of 9.8.

January 31, 2023

Blog

Looking for the ‘Sliver’ lining – Getting System Shell with Sliver C2

3 / 3

Hackers turn to Sliver C2 as a potent alternative attack tool amidst evolving defenses, revolutionizing the offensive landscape.

January 16, 2023

Blog

Zero Day Vulnerability: Chromium v8 js engine issue 1303458

Introduction UAF vulnerability has been discovered in the instruction optimization on x64 platforms in Chromium v8. Successful exploitation of this vulnerability could allow an attacker

January 4, 2023

Blog

From Leaking TheHole to Chrome Renderer RCE

Background CVE-2021–38003, or Issue 1263462, was a vulnerability exposed in 2021. The root cause of this vulnerability was due to the fact that JsonStringifier::SerializeObject() did not set the

January 3, 2023

Research

Analysis of the First Critical Vulnerability of Aptos Move VM

1. Preface The Move programming language is rising in popularity lately due to the strong advantages it has over Ethereum’s Solidity language. Move is used in

November 23, 2022

Research

TCP/IP Vulnerability CVE-2022–34718 PoC Restoration and Analysis

Background and Preparation The patch released by Microsoft last month contained a vulnerability in the TCP/IP protocol that allowed for code execution. To ascertain the

November 7, 2022

Analysis and Summary of CVE-2023-23410, HTTP Elevation of Privilege Vulnerability

Introduction to Zero-Knowledge Proof Part 2

Numen Vulnerability Researcher Discovers Apache Linkis Deserialization Vulnerability

The Story of a High-Risk Vulnerability in Move Reference Safety Verify Module

CVE-2022–36537 Vulnerability Technical Analysis with Exp

Text4Shell Vulnerability Technical Analysis — What Exchanges and Other Institutions Need to Pay Attention To

Looking for the ‘Sliver’ lining – Getting System Shell with Sliver C2

Zero Day Vulnerability: Chromium v8 js engine issue 1303458

From Leaking TheHole to Chrome Renderer RCE

Analysis of the First Critical Vulnerability of Aptos Move VM

TCP/IP Vulnerability CVE-2022–34718 PoC Restoration and Analysis

LET’S TALK!

We have the perfect security solutions for your industry.

Products

Resources

Services

Company

Social Media

Get in Touch

Request a Quote