Issues with Indefinite Trust in Bluetooth

At IncludeSec we of course love to hack things, but we also love to use our skills and insights into security issues to explore innovative solutions, develop tools, and share resources. In this post we share a summary of a recent paper that I published with fellow researchers in the ACM Conference on Security and … Read more

Customizing Semgrep Rules for Flask/Django and Other Popular Web Frameworks

We customize and use Semgrep a lot during our security assessments at IncludeSec because it helps us quickly locate potential areas of concern within large codebases. Static analysis tools (SAST) such as Semgrep are great for aiding our vulnerability hunting efforts and usually can be tied into Continuous Integration (CI) pipelines to help developers catch … Read more

Hacking Unity Games with Malicious GameObjects

The Unity game engine provides various means for getting external assets into a game, such as AssetBundles, for adding assets at runtime and the Asset Store, for purchasing third-party assets.

It’s possible for a GameObject to execute arbitrary code using no custom scripts, only components that are available by default in Unity. If the game uses Bolt or another visual scripting system, there are even more paths to code execution. In this blog I will cover how a malicious GameObject might get into a game, two specific methods I’m aware of for the GameObject to execute code, and possible ways to mitigate the risk.

Hack Series: Is your Ansible Package Configuration Secure?

Ansible configuration vulnerable to Apt module package management vulnerability

In our client assessment work hacking software and cloud systems of all types, we’re often asked to look into configuration management tools such as Ansible. In this post we’ll deep dive into what package management vulnerabilities in the world of Ansible look like. First we’ll recap what Ansible is, provide some tips for security pros to … Read more