Research Blog

Lolbins? Where we’re going, we don’t need lolbins. At NCC Group, as a consultant in our hardware and embedded systems practice1, I often get to play with various devices, which is always fun, but getting your own software to run on them can be a bit of a pain.This article documents a few realisations and […]

This is a four part blog post series that starts with Rustproofing Linux (Part 1/4 Leaking Addresses). Shared memory is often used to share data without the performance hit of copying. Whenever a shared resource is consumed by one component while being modified by another component, there is potential for Time-Of-Check-Time-Of-Use (TOCTOU) or Double Fetch […]

This is a four part blog post series that starts with Rustproofing Linux (Part 1/4 Leaking Addresses). In the C programming language, integer types can be a bit confusing. Portability issues can arise when the same code is used in multiple hardware architectures or operating systems. For example, int is usually 32-bit, but could also […]

This is a four part blog post series that starts with Rustproofing Linux (Part 1/4 Leaking Addresses). This post uses a simple example to demonstrate a class of vulnerability that we encounter quite frequently when auditing kernel drivers and firmware. It’s a race condition, or more precisely a TOCTOU vulnerability. The complete vulnerable C driver […]

Rust is a programming language guaranteeing memory and thread safety while still being able to access raw memory and hardware. This sounds impossible, and it is, that’s why Rust has an unsafe keyword which allows a programmer to dereference a raw pointer and perform some other dangerous operations. The dangerous code is effectively contained to […]