ONEKEY Research Labs

One of our own identified a buffer overflow in an industrial Bluetooth stack, details are now available at certvde.com/en/advisories/…

We recently released a static code analysis feature on the platform. Focus is on shell scripts, specifically the ones used in CGI. The blog post explores the different foot guns like unsafe eval, sed injection, etc Link below 👇

Since MITRE is still up, here's the CVE details: - cve.org/cverecord?id=C… - cve.org/cverecord?id=C…

Read the full write-up with all technical details, insights, and disclosure timeline: - onekey.com/resource/secur… - onekey.com/resource/secur…

A routine firmware scan by a ONEKEY customer turned into something much bigger... Critical stack buffer overflows were discovered in Viasat satellite modems. Unauthenticated RCE over LAN and OTA interfaces with CVE-2024-6198, unauthenticated RCE over WAN with 2024-6199.

Our automated binary static analysis does it again ! This time it's an unauthenticated command injection affecting TP-Link gaming routers. onekey.com/blog/security-…

Our latest security advisory is out. We identified remote command execution affecting Lua code within wireless backhaul devices from Ligowave.

New batch of automatically identified vulnerabilities just dropped. Affects industrial ethernet router from Delta Electronics. onekey.com/blog/security-…

Got nerd sniped by @wvuuuuuuuuuuuuu so I looked at D-Link “backdoor” (CVE-2024-3272, CVE-2024-3273). Our pipeline spot it, but it’s clearly not the only problem there. Filtered findings on code analysis, random sampling shows they’re valid, edited screenshot for public view.

Small anthology of “silently” patched bugs identified by our binary static analysis feature in FOSS present in firmwares. We’ll keep updating it through 2024 :) onekey.com/blog/spotting-…

I have been working on this with my team over the last year, so super happy it’s finally out ! ✨I’m providing as much details as possible about implementation and the academic research that inspired me in the post. onekey.com/blog/binary-st…

We've published details about the unblob features that landed in the second half of 2023. Check it out ⬇️ onekey.com/blog/latest-de…

unblob version 23.10.31 🎃 is out ! Includes many improvements for spoOoky file formats like CPIO, tar v7, and truncated FAT images. We also support Python 3.12 so Arch users are not left behind. Release notes: github.com/onekey-sec/unb… Installation: unblob.org/installation/