Sharing information is a vital resource for critical infrastructure security and resilience. As a member of the broader security community, we feel a responsibility to provide access to learnings and resources to foster collaboration that helps protect organizations and defend against malicious threats.
“We publicly posted the virtual machine used to simulate the scenarios described in the white paper so others can use it to experiment and test out the attack scenarios. It’s important to us to not only to tell you what we’re doing, but to show you too.”

– Michael Milvich, Fellow

nanopb Protobuf Decompiler
July 27, 2022
Here at Anvil we have increasingly run into embedded systems utilizing the nanopb - Protocol Buffers for Embedded Systems project. Nanopb is a small code size Protocol Buffer implementation targeting memory restricted systems. Nanopb.…
Information Security BASICS
May 31, 2022
This blog post is for the ambitious network administrator who has been promoted to head of information security and wants to demonstrably improve the organization's security in the first 90 days or so. I will talk about how to leverage your existing network administration knowledge…
Silly proof of concept: Anti-phishing using perceptual hashing algorithms
February 3, 2022
by Diego Freijo Welcome to the first dispatch coming out of the Ministry of Silly Ideas! It’s a space we’ve got inside Anvil where we encourage ourselves to come up with interesting-even-if-soundin...
Early-Career Security Engineer: Anvil Offers a Foundation for Growth
August 31, 2021
Introduction This blog post is written by Abhijeet Pate, who works as a security engineer at Anvil. The post talks about how he got started with Anvil, his transition from a student to a security e...
DHCP Games with Smart Router Devices
August 18, 2021
During a recent engagement, we identified a recurring and interesting scenario involving smart router devices. We define smart router devices as devices with functionality that requires them to pro...
Attempting to Bypass the AngularJS Sandbox from a DOM-Based Context in versions 1.5.9-1.5.11 (Part 2)
August 2, 2021
Introduction In Part 1 of this two-part blog series, we identified two checks introduced in AngularJS v1.5.9 to mitigate the vulnerabilities leveraged by the latest sandbox bypass: The ensureSaf...
Attempting to Bypass the AngularJS Sandbox from a DOM-Based Context in versions 1.5.9-1.5.11 (Part 1)
June 24, 2021
Introduction I recently found a Client-Side Template Injection (CSTI) vulnerability in a web application that uses AngularJS version 1.5.9. When I tried to leverage this issue to something more use...
Azure Sphere Reverse Engineering
October 20, 2020
Microsoft recently held a closed security bounty challenge for Azure Sphere, an application platform for internet-connected devices. While we did not participate in the three-month challenge which ...
Defeating Secure Boot with Symlink Attacks
August 11, 2020
Anvil is releasing a white paper today describing a technique that we have found useful to bypass secure boot on a number of embedded Linux devices where the file systems have been split into a sig...

Our Findings

Number of penetration tests performed in 2020
Percentage of appsec/cloud penetration tests in 2020
Average number of vulnerabilities found per person, per week
Page length of the winner of Anvil Best Report of 2020