CVE-2020-XXXXX - Getting root on webOS

The TL;DR A while back, I decided to devote some research time looking into the inner workings of webOS to be able to better understand the security posture of...

Source Code Audit Training Archive

Merry Christmas everyone! We are releasing the Code Audit Training Archive. This year was shaped by a lot of ups and downs for the most of us. To bring...

FX live on tape

Almost 2.5 years have passed since FX unintentionally vanished from the canvas of the hacking-scene cinema. Defying all odds, he has made exceptional progress and, from the beginning of this...

KNX, %s and a backdoor

TL;DR Several devices manufactured by WAGO contain an undocumented account with administrative privileges. The password for this account is device dependent, but easily brute-forcable. CERT@VDE was kind...

Trainings 2019

Over the years, the team at Recurity Labs has gathered a vast amount of experience on merely all stages of our cherished information security theatre. Every now and then, the...