Adversaries don't send reports. We do.
Anonymized case studies from real engagements, ten responsibly-disclosed CVEs, conference talks, and original offensive research from the 0block team. Names withheld under NDA; the techniques are exactly as we found them.
Five engagements that show the range — bridge, payments, hardware, red team, and crypto custody. Every one ended with the client safer, and the funds intact.
state enabling account takeover.amount to a peer transfer, flipping the debit into a self-credit./accounts/{id} object IDs — server never checked ownership (BOLA).state to confirm account takeover.state/PKCE validation.ENROLLEE_SUPPLIES_SUBJECT on the template, enforced manager approval, phishing-resistant MFA, and tiered admin isolation.We publish what we break. Field guides, bug-class breakdowns, and disclosures from across the team — written for the engineers who have to fix this stuff.
Fault injection on a hardened secure element — how a $300 glitching rig defeated a chip certified to resist it. We walk the full setup, from decapping and power-rail tapping to finding the exact microsecond the boot ROM checks the signature. The takeaway: "certified resistant" is a threat model, not a guarantee.
Read advisory → 02 · BlockchainSignature replay across chains — the anatomy of the bridge bug class that keeps draining DeFi. We break down why "verify the signature" is not the same as "verify the message," and how a missing chain-scoped nonce turns one signed payload into infinite mints. Includes a checklist your bridge should already pass.
Read advisory → 03 · Red TeamADCS ESC1 in the wild — the misconfiguration we find in roughly 70% of the Active Directory environments we test. One over-permissive certificate template lets a normal user request a cert for anyone, including Domain Admins. We show the request, the abuse, and the three-line template fix.
Read advisory → 04 · BlockchainThreshold ECDSA in crypto custody — why your MPC vendor's randomness matters more than their marketing. A biased nonce source doesn't fail loudly; it quietly leaks key shares one signature at a time until a lattice attack reassembles the key. We make the case for RFC 6979 and show what auditable signing looks like.
Read advisory → 05 · WebSeven misconfigurations we find in almost every audit — a field guide to redirect_uri, state, and PKCE failures. Each one is individually "minor" and collectively an account-takeover kit. We give concrete repro steps and the exact server-side checks that close them.
UART to root in under an hour — and what it says about the IoT supply chain you're trusting. An exposed debug header dropped us straight to a root shell with the unlock API in the clear. We trace the same SoC and firmware across four "different" brands sharing one vulnerable image.
Read advisory → 07 · Red TeamFive in-memory techniques our red team still uses to stay quiet — and how a tuned blue team catches them. We cover the gap between "an EDR is installed" and "an EDR is watching," with the telemetry that actually flips these from invisible to obvious. Written for defenders who want to test their own coverage.
Read advisory → 08 · BlockchainSandwich, frontrun, and oracle games against DeFi protocols — economic attacks treated as first-class threats, not market noise. We show how a manipulable spot oracle and a fat slippage tolerance combine into a profitable, repeatable drain. The fix is design, not a patch: TWAPs, tighter bounds, and MEV-aware accounting.
Read advisory →One write-up we keep getting asked about — the day a $300 rig walked through a chip that ships with "tamper-resistant" on the box.
Critical Hardware · Fault injection
We took a consumer cold-storage wallet built on a secure element certified to resist fault injection and broke its core promise on a bench that cost less than the device. By tapping the core voltage rail and characterizing the exact window where the boot ROM validates firmware, a single well-timed glitch let unsigned code run.
From there it was a short walk to dumping external flash and reconstructing the seed on a sacrificial unit. The write-up covers the full methodology — decapping, rail tapping, glitch search, and detection — and ends with the redesign that actually closes it: a true secure element, encrypted flash, and redundant boot-chain checks.
Read the write-upWhen we break something that ships to other people, we report it — to the vendor first, the public second. A selection of identifiers credited to the 0block team.
10 zero-days responsibly disclosed; a selection shown.
We take the work to the rooms where it gets torn apart by people smarter than us. Selected conference talks tied to the research above.
A Bridge Too Far: killing cross-chain replay before it kills your TVL.
Glitching the Unglitchable: $300 fault injection vs. a certified secure element.
Dumping the Vault: reversing hardware-wallet boot ROMs from the rail up.
From Cert to Domain Admin: ADCS ESC1 and the 6-hour red team.
Nonce Reuse Will End You: breaking threshold ECDSA in production custody.
MEV Is an Attack Surface: treating economic exploits as first-class bugs.
We practice what we publish. If you've found a vulnerability in a 0block property, or want us to help coordinate disclosure on a third party, report findings to disclosure@0block.org. We acknowledge fast, work to a fair embargo, and credit researchers.
The clients in these case studies sleep better because we found it first. Let's make sure your system never becomes one of them.