
Defeating Secure Boot with Symlink Attacks
Anvil is releasing a white paper today describing a technique that we have found useful to bypass secure boot on a number of embedded Linux devices where the file systems…

Unpacking Bosch Surveillance Camera Firmware
While looking for new devices to perform reverse engineering on, I became interested in Bosch’s FlexiDome line of cameras, specifically the FlexiDome 7000, a day/night surveillance camera. This blog post…

Hack-A-Sat 2020 CTF
Hack-A-Sat 2020 Hello! I am Michael Milvich and I recently joined Anvil's embedded security group. I have been a computer security consultant for over fifteen years with a focus on…

Culture – The Card That Completes Our Winning Hand
Finding and retaining talent is a priority for most any successful business. In the cybersecurity field, with a well-documented workforce shortage, it is doubly important. One of my responsibilities at…

A bug and a misconfigured file share: a tale in two parts
Introduction This is a story in two parts. First, sometime mid-2019 Anvil was asked by one of its customers to come in and help out with evaluating the security posture…

A Strong Foundation
Since starting Anvil, and adding our first partner, Vincent Berg, in February 2017, a whole heck of a lot has changed. We have grown, added more employees, added Kim Bauer…

Capital One: Wake Up Call or Snooze Button?
This week’s data breach at Capital One was not shocking. Data breaches have been occurring for so many years at such a frequency that consumers have been numbed to the…

Cultivating Q2
When I began looking for my next professional adventure, I wanted to make sure that I ended up in a place that was an accurate reflection of the values and…

Looking inside the box
This blog post talks about reverse engineering the Dropbox client, breaking its obfuscation mechanisms, de-compiling it to Python code as well as modifying the client in order to use debug…