LB personal website - Posts

Subverting the Lua environment in Redis

lucab@lucabruno.net — Sat, 15 Feb 2025 00:00:00 +0000

In 2015 I performed an offensive security analysis of Redis, focusing on its Lua scripting capabilities and related execution environment. This post contains a brief summary of my findings, which at the time have been reported and discussed with project maintainers.

Google open-source peer award and Ukraine humanitarian aid

lucab@lucabruno.net — Tue, 08 Mar 2022 00:00:00 +0000

Recent days have been full of news and emotions, with many sad events and a few happy ones. On the last days of February 2022 I got shocked by the beginning of a new deadly war in Ukraine, but also got an unexpected FLOSS-related email from the Google Open Source Peer program</a>.

CVE-2020-10781 retrospective (zram hot_add local DoS)

lucab@lucabruno.net — Sun, 20 Sep 2020 00:00:00 +0000

This page contains a blameless retrospective analysis</a> on CVE-2020-10781</a>, from the point of view of the reporter (me</a>). This analysis has NOT been externally reviewed and may be biased/incomplete; private feedback and corrections are welcome!

nRF52 Debug Access Port protection

lucab@lucabruno.net — Thu, 26 Dec 2019 00:00:00 +0000

This post explains some low-level details related to nRF52</a> Debug Access Port (DAP) protection.

Binary execution across Linux mount-namespaces

lucab@lucabruno.net — Sun, 13 Aug 2017 00:00:00 +0000

This post briefly describes a useful trick to execute binaries across different mount-namespaces. It consists of a neat technique involving setns(2)</code> and fexecve(3)</code>.



Static hosting for a personal website
lucab@lucabruno.net — Sun, 01 Jan 2017 00:00:00 +0000
This post contains a quick summary describing how this website is actually made, and how it evolved over time.</p>