Author Archive

Work conducted by Huy Dai. Introduction This is the third post of a six part blog series where I cover the use of CodeQL and Semgrep in bug-hunting. In the previous installments of the series, I provided examples of custom queries and rules that identify CVEs in open-source libraries. In this section, I will be… » Read More

Work conducted by Huy Dai. Introduction For this blog series, I look to highlight the usage of CodeQL and Semgrep as complementary SAST (Static Application Security Testing) tools to improve automation in bug-hunting. In the first blog post, I provided examples of a broadly generalizable bug query (written in both CodeQL and Semgrep) that were… » Read More

Huy Dai was previously a summer intern from MIT and has since graduated to join the Caesar Creek Software team in Woburn, MA. During his internship, he performed a security assessment of the Peloton Bike and, upon joining CC-SW full-time, he has conducted research using CodeQL and Semgrep to aid in vulnerability research. Motivation At… » Read More

The following is part 6 of a 6-part series detailing the examination of the security of Set-Top Boxes. The research was conducted by Om and Jack, two of our interns this past summer. Enjoy! Blog Post: Physical Exploit over SD Card Background Information In the previous post, we performed a cursory review of the filesystems… » Read More

Blog Post 5: Network Analysis and Exploit The following is part 5 of a 6-part series detailing the examination of the security of Set-Top Boxes. The research was conducted by Om and Jack, two of our interns this past summer. Enjoy! Background Information In our last post, we analyzed the filesystem to better understand how… » Read More