Runic Labs

What We Do

We research and exploit vulnerabilities in:

Embedded & appliance firmware
Linux & Windows userland
Network services & protocols
Enterprise software

Recent Research

[2026-05] The QNAP Pattern

Target: QNAP QTS 5.x + bundled plugins (Notes Station 3, QmailAgent, QVPN, et al.)

Read across QTS's web layer and three first-party plugins. Looked at how authentication, IPC, plugin sandboxing, and container boundaries actually compose in practice, versus how QNAP's docs describe them.

Read post →

View all research →

Tools & Frameworks

sigil · modular framework for security research (coming soon)

View all tools →

Engagement Model

We accept engagements for:

Targeted vulnerability research
Exploit development
Embedded & appliance assessments

We do not offer:

Automated scanning
Compliance checklists
Generic pentests

Contact

Email: research@runiclabs.io