Aleph Research Posts:
- Say Friend and Enter: Digitally lockpicking an advanced smart lock (Part 2: discovered vulnerabilities)
- Say Friend and Enter: Digitally lockpicking an advanced smart lock (Part 1: functional analysis)
- Why is it so hot here? Hacking Electra Smart air conditioners for fun and profit
- AFL++ on Android with QEMU support
  By Itai Greenhut, 16-Nov 2021
- SuDump: Exploiting suid binaries through the kernel
  By Itai Greenhut, 20-Oct 2021
- Aruba in Chains: Chaining Vulnerabilities for Fun and Profit
- Revised Homograph Attacks - Part 3
  By Tzachy Horesh, 28-Feb 2021
- Exploiting crash handlers: LPE on Ubuntu
  By Itai Greenhut, 16-Feb 2021
- Don't Ruck Us Again - The Exploit Returns
  By Gal Zror, 14-Oct 2020
- Revised Homograph Attacks - Part 2
  By Tzachy Horesh, 23-Jul 2020
- Accelerating iOS on QEMU with hardware virtualization (KVM)
  By Lev Aronsky, 19-Jul 2020
- Tunnelling TCP connections into iOS on QEMU
  By Lev Aronsky, 29-Mar 2020
- Don't Ruck Us Too Hard - Owning Ruckus AP devices
  By Gal Zror, 14-Jan 2020
- Revised Homograph Attacks
  By Tzachy Horesh, 29-Dec 2019
- Breaking Algorithms - SMT Solvers for WebApp Security
  By Leo Goldstien, 02-Sep 2019
- Xiaomi Zigbee (3): Live Debugging
  By Lev Aronsky, 15-Jul 2019
- Xiaomi Zigbee (2): Beyond Architecture
  By Lev Aronsky, 09-Jul 2019
- Xiaomi Zigbee (1): Getting to know the hardware
  By Lev Aronsky, 01-Jul 2019
- Running iOS in QEMU to an interactive bash shell (2): research
  By Jonathan Afek, 25-Jun 2019
- Running iOS in QEMU to an interactive bash shell (1): tutorial
  By Jonathan Afek, 17-Jun 2019
- It takes only one StackOverflowException to bring down an Application deployed on IIS
  By Gil Mirmovitch, 22-Oct 2018
- Overcoming (some) Spectre browser mitigations
- Exploiting Qualcomm EDL Programmers (5): Breaking Nokia 6's Secure Boot
  By Roee Hay & Noam Hadad, 22-Jan 2018
- Exploiting Qualcomm EDL Programmers (4): Runtime Debugger
  By Roee Hay & Noam Hadad, 22-Jan 2018
- Exploiting Qualcomm EDL Programmers (3): Memory-based Attacks & PBL Extraction
  By Roee Hay & Noam Hadad, 22-Jan 2018
- Exploiting Qualcomm EDL Programmers (2): Storage-based Attacks & Rooting
  By Roee Hay & Noam Hadad, 22-Jan 2018
- Exploiting Qualcomm EDL Programmers (1): Gaining Access & PBL Internals
  By Roee Hay & Noam Hadad, 22-Jan 2018
- Untethered initroot (USENIX WOOT '17)
  By Roee Hay, 30-Aug 2017
- Nexus 9 vs. Malicious Headphones, Take Two
  By Roee Hay, 13-Jun 2017
- initroot: Hello Moto
  By Roee Hay, 07-Jun 2017
- initroot: Bypassing Nexus 6 Secure Boot through Kernel Command-line Injection
  By Roee Hay, 23-May 2017
- OnePlus OTAs: Analysis & Exploitation
  By Roee Hay, 11-May 2017
- Owning OnePlus 3/3T with a Malicious Charger: The Last Piece of the Puzzle
  By Roee Hay, 26-Mar 2017
- Attacking Nexus 9 with Malicious Headphones
  By Roee Hay, 08-Mar 2017
- Owning a Locked OnePlus 3/3T: Bootloader Vulns
  By Roee Hay, 08-Feb 2017
- Attacking Nexus 6/6P Custom Boot Modes