Zero Day Research

Three zero days in three hours: Discovering CVE-2024-22086, CVE-2024-22087, and CVE-2024-22088

Zero-day exploits are discovered by security researchers, nation-states, cyber defense professionals, and hacktivist groups worldwide to infiltrate computer systems, networks, critical infrastructure, and Internet of Things (IoT) devices. As technology advances, cybercrime continues to spread into every global industry. This makes the race to find Zero-Day vulnerabilities crucial to the success of any organization. Positioned […]

Three zero days in three hours: Discovering CVE-2024-22086, CVE-2024-22087, and CVE-2024-22088 Read More »

Zero-Day Research: CVE-2023-51771 MicroHTTPServer Off-By-One Global Buffer Overflow

Unraveling a Subtle Yet Critical Vulnerability In the ever-evolving landscape of cybersecurity, certain vulnerabilities, though seemingly minor, can open the door to significant security breaches. At Skinny Research and Development, our team has delved deep into the nuances of one such issue: the off-by-one global buffer overflow. This vulnerability, while often overlooked due to its

Zero-Day Research: CVE-2023-51771 MicroHTTPServer Off-By-One Global Buffer Overflow Read More »

Zero-Day Research: CVE-2023-50965 MicroHttpServer Remote Buffer Overflow

introduction In the ever-evolving landscape of cybersecurity, where threats loom at every digital corner, Skinny Research and Development emerges as a beacon of innovation in the domain of zero-day research and vulnerability discovery. With a name that reflects our lean approach and focus on efficiency, Skinny R&D has demonstrated an uncanny ability to stay ahead

Zero-Day Research: CVE-2023-50965 MicroHttpServer Remote Buffer Overflow Read More »

Zero-Day Research: CVE-2023-48024 and CVE-2023-48025

Striking a harmonious balance between high-level abstraction and low-level hardware control, the C programming language proves to be efficient for resource-constrained embedded systems. C programs can be finely tuned to optimize memory usage and execution speed, a critical consideration in embedded applications where resources are at a premium.  Despite the many benefits of the C

Zero-Day Research: CVE-2023-48024 and CVE-2023-48025 Read More »

Zero-Day Research: ehttp Use-after-Free (CVE-2023-52266) and Out-of-Bounds Read (CVE-2023-52267)

The ehttp library advertises itself as a ‘simple HTTP server based on epoll’. The primary goal of the library is to provide an easy-to-use HTTP microservice with JSON support. The library supports HTTP 1.0/1.1 with GET and POST request methods. When utilizing a new library, I always execute various fuzz tests against the library to

Zero-Day Research: ehttp Use-after-Free (CVE-2023-52266) and Out-of-Bounds Read (CVE-2023-52267) Read More »

Scroll to Top