Sharing information is a vital resource for critical infrastructure security and resilience. As a member of the broader security community, we feel a responsibility to provide access to learnings and resources to foster collaboration that helps protect organizations and defend against malicious threats.
“When we work together, we collectively come up with some great ideas and a community that improves on how we work, interface, support one another, and, ultimately, build more secure (and safer) products.”
-Austin Tipton, Senior Security Engineer
Attempting to Bypass the AngularJS Sandbox from a DOM-Based Context in versions 1.5.9-1.5.11 (Part 1)
June 24, 2021
Introduction: I recently found a Client-Side Template Injection (CSTI) vulnerability in a web application that uses AngularJS version 1.5.9. When I tried to leverage this issue to something more use...
Azure Sphere Reverse Engineering
October 20, 2020
Microsoft recently held a closed security bounty challenge for Azure Sphere, an application platform for internet-connected devices. While we did not participate in the three-month challenge which ...
Defeating Secure Boot with Symlink Attacks
August 11, 2020
Anvil is releasing a white paper today describing a technique that we have found useful to bypass secure boot on a number of embedded Linux devices where the file systems have been split into a sig...
Unpacking Bosch Surveillance Camera Firmware
July 16, 2020
While looking for new devices to perform reverse engineering on, I became interested in Bosch’s FlexiDome line of cameras, specifically the FlexiDome 7000, a day/night surveillance camera. This blo...
Hack-A-Sat 2020 CTF
June 1, 2020
Hack-A-Sat 2020: Hello! I am Michael Milvich and I recently joined Anvil's embedded security group. I have been a computer security consultant for over fifteen years with a focus on embedded systems,...
Culture – The Card That Completes Our Winning Hand
February 19, 2020
Finding and retaining talent is a priority for most any successful business. In the cybersecurity field, with a well-documented workforce shortage, it is doubly important. One of my responsibilitie...

Our Findings

Number of penetration tests performed in 2020
Percentage of appsec/cloud penetration tests in 2020
Average number of vulnerabilities found per person, per week
Page length of the winner of Anvil Best Report of 2020