Zero-Day Research: A Journey Through Lambda Calculus

Introduction In the realm of computer science, abstract concepts often find practical applications. The Lambda Calculus Interpreter (LCI) is a quintessential tool that marries theoretical foundations with real-world utility. At its core, lambda calculus serves as the bedrock of functional programming, offering a minimalist framework to explore computation through the lens of function abstraction and […]

Zero-Day Research: A Journey Through Lambda Calculus Read More »

Three zero days in three hours: Discovering CVE-2024-22086, CVE-2024-22087, and CVE-2024-22088

Zero-day exploits are discovered by security researchers, nation-states, cyber defense professionals, and hacktivist groups worldwide to infiltrate computer systems, networks, critical infrastructure, and Internet of Things (IoT) devices. As technology advances, cybercrime continues to spread into every global industry. This makes the race to find Zero-Day vulnerabilities crucial to the success of any organization. Positioned

Three zero days in three hours: Discovering CVE-2024-22086, CVE-2024-22087, and CVE-2024-22088 Read More »

Zero-Day Research: CVE-2023-51771 MicroHTTPServer Off-By-One Global Buffer Overflow

Unraveling a Subtle Yet Critical Vulnerability In the ever-evolving landscape of cybersecurity, certain vulnerabilities, though seemingly minor, can open the door to significant security breaches. At Skinny Research and Development, our team has delved deep into the nuances of one such issue: the off-by-one global buffer overflow. This vulnerability, while often overlooked due to its

Zero-Day Research: CVE-2023-51771 MicroHTTPServer Off-By-One Global Buffer Overflow Read More »

Zero-Day Research: CVE-2023-50965 MicroHttpServer Remote Buffer Overflow

introduction In the ever-evolving landscape of cybersecurity, where threats loom at every digital corner, Skinny Research and Development emerges as a beacon of innovation in the domain of zero-day research and vulnerability discovery. With a name that reflects our lean approach and focus on efficiency, Skinny R&D has demonstrated an uncanny ability to stay ahead

Zero-Day Research: CVE-2023-50965 MicroHttpServer Remote Buffer Overflow Read More »

Zero-Day Research: CVE-2023-48024 and CVE-2023-48025

Striking a harmonious balance between high-level abstraction and low-level hardware control, the C programming language proves to be efficient for resource-constrained embedded systems. C programs can be finely tuned to optimize memory usage and execution speed, a critical consideration in embedded applications where resources are at a premium.  Despite the many benefits of the C

Zero-Day Research: CVE-2023-48024 and CVE-2023-48025 Read More »

Zero-Day Research: ehttp Use-after-Free (CVE-2023-52266) and Out-of-Bounds Read (CVE-2023-52267)

The ehttp library advertises itself as a ‘simple HTTP server based on epoll’. The primary goal of the library is to provide an easy-to-use HTTP microservice with JSON support. The library supports HTTP 1.0/1.1 with GET and POST request methods. When utilizing a new library, I always execute various fuzz tests against the library to

Zero-Day Research: ehttp Use-after-Free (CVE-2023-52266) and Out-of-Bounds Read (CVE-2023-52267) Read More »

Scroll to Top