Here’s what we’ve found interesting this past month:

Blogs posts and articles

• Using Visualizations to Find Security Issues Faster: Fantastic overview of tactics for orienting to a new codebase quickly and efficiently, focusing on finding security-relevant functionality.

• Introduction to the Scudo Allocator: Blog posts about Scudo seem to be in vogue, and Jacob Bech of Vectorize has published the latest one. We’re looking forward to the rest of this series and seeing a practical exploit.

• Retro Gaming Vulnerability Research: Warcraft 2: Walks through some reverse-engineering methodology and learning enough about an unknown network protocol to prepare for fuzzing.

• Full Chain Baseband Exploits: 5-part series (3 parts currently released) about vulnerabilities in Samsung and MediaTek basebands, including baseband-to-AP pivot.