A massive NPM supply chain attack has compromised foundational packages like Chalk, affecting over 1 billion weekly downloads. We dissect the crypto-stealing malware and show you how to protect your projects immediately.| jdstaerk.substack.com
We’ve had a lot of fun with VTech’s computers in the past on this blog. Usually, they’re relatively spartan computers with limited functionality, but they did make something very interesting in the late 80s. The Socrates is their hybrid video game console/computer design from 1988, and today we’ll start tearing into it.| Leaded Solder
FC| mrT4ntr4's Blog
I had so| mrT4ntr4's Blog
There’s an internet web game slash social experiment thing called Internet Roadtrip that started a few months ago, where players collectively “drive” a car on Google Street View and can vote for which directions to go in. Here’s the website if you’d like to look at it before reading the rest of this post: https://neal.fun/internet-roadtrip.| matdoes.dev
Sending jobs to a label printer via SSH with Raspberry Pi Zero & Nix| nmattia.com
Earlier this year, I wrote about how I rescued a special recovery partition from an old Macintosh Performa 550’s dead hard drive. This partition had been lost to time and it was a race to try to save it before the remaining Performa 550 machines out there with their original hard drives were reformatted or destroyed. It has now been preserved on the Macintosh Garden. I have a few updates to that post that I’d like to share.| Downtown Doug Brown
Sorry, Doc Brown: we still needed roads in 1985. That meant paper atlases and misfolded roadmaps and a lot of stereotypical male anxiety a...| oldvcr.blogspot.com
JRPN Reverse Polish Notation Calculators inspired by the HP-15C and HP-16C| jrpn.jovial.com
In this post, we will analyze how Vanguard attempts to keep away bad actors by utilizing a simple yet brutally strong method| Xyrem Engineering
How you can use AI to decompile a game — A Hands-On and Ongoing Study| gambiconf.substack.com
Background| hhj4ck.github.io
Exploring how to track and analyze changes in Claude Code's system prompts and tools to understand AI assistant evolution| mariozechner.at
Have you ever wanted to reverse engineer an analog chip from a die photo? Wanted to understand what's inside the "black box" of an integrate...| www.righto.com
I ran out of characters for microblogging so this is where the big words go| nexy.blog
I recently found a Navman Bike 1000 in a thrift store for EUR 10. This is a| raymii.org
Back in 2021, a collector friend of ours was visiting a dusty warehouse in search of Apollo-era communications equipment. A box with NASA-st...| www.righto.com
Raelize provides top-notch embedded device security services like consultancy, testing, research and training.| raelize.com
Vercel recently announced BotID, an anti-bot meant to protect against bots without requiring manual intervention. This post reverse-engineers the script and takes a peek inside.| www.nullpt.rs
A few years ago when I was into reverse engineering and binary analysis (and game modding), I did a lot of research into how anticheats work. I was curious about tracking their updates, since that would allow me to:| not-matthias.github.io
...so the malware would finally shut up and run| mindless-area
Microsoft will be introducing Administrator Protection into Windows 11, so I wanted to have an understanding of how this technology works and how it interacts with existing offensive tooling. While this technology is just a thin wrapper around a separate account, there are a few nuances such as who is permitted to access these accounts, as well as existing UAC bypasses which are still effective against the new "backdoorless" Administrator Protection. This post explores these nuances in detail.| XPN InfoSec Blog
I was recently poking around inside the original Power Macintosh G3’s ROM and accidentally discovered an easter egg that nobody has documented until now.| Downtown Doug Brown
Learn how DPRK's BlueNoroff group executed a Web3 macOS intrusion. Explore the attack chain, malware, and techniques in our detailed technical report.| www.huntress.com
Reverse engineering deeplinks from the iOS Shortcuts app.| Vox Silva
Or “How I got annoyed by a poor decompilation so I unearthed a hidden Ghidra feature” TLDR: there is a (undocumented and disabled by default) feature in the Ghidra decompiler that lets you create your own decompiler passes, using a custom DSL. I leverage it to write a deobfuscation rule for a simple obfuscation technique. Story Setup - introduction and problem statement Decompiler 101 - building and using Ghidra decompiler directly RULECOMPILE - a curious #define flag from the decompiler ...| msm's home
In 1985, Intel introduced the groundbreaking 386 processor, the first 32-bit processor in the x86 architecture. To improve performance, the ...| www.righto.com
The groundbreaking Intel 386 processor (1985) was the first 32-bit processor in the x86 architecture. Like most processors, the 386 contains...| www.righto.com
Contribute to LukasOgunfeitimi/TikTok-ReverseEngineering development by creating an account on GitHub.| GitHub
Flare-On 6 CTF WriteUp : help| Attify Blog - IoT Security, Pentesting and Exploitation
Flare-On 6 CTF WriteUp : vv_max| Attify Blog - IoT Security, Pentesting and Exploitation
Flare-On 6 CTF WriteUp : Mugatu| Attify Blog - IoT Security, Pentesting and Exploitation
Flare-On 6 CTF WriteUp : reloaderd| Attify Blog - IoT Security, Pentesting and Exploitation
Flare-On 6 CTF WriteUp : snake| Attify Blog - IoT Security, Pentesting and Exploitation
Flare-On 6 CTF WriteUp : wopr| Attify Blog - IoT Security, Pentesting and Exploitation
Flare-On 6 CTF WriteUp: bmphide| Attify Blog - IoT Security, Pentesting and Exploitation
Flare-On 6 CTF WriteUp : Demo| Attify Blog - IoT Security, Pentesting and Exploitation
Flare-On 6 CTF WriteUp: Dnschess| Attify Blog - IoT Security, Pentesting and Exploitation
This blog post covers the full details of EntrySign, the AMD Zen microcode signature validation vulnerability recently discovered by the Google Security team.| bughunters.google.com
The European Union's Digital Markets Act obligates Apple to provide certain features to iOS users in the EU, such as third party app stores. I live in the US and was able to develop a relatively-straightforward method to spoof your location on iOS and access these features, as well as any other region-locked iOS features you might be interested in experimenting with, even if you aren't in the required region.| Matt's internet home
Investigators decompiled the game to search through 2.2 billion random dungeon seeds.| Ars Technica
IDO-based smart watches are a security nightmare, and there are likely millions of them out there| sprocketfox.io
Ever wondered how to inject code into a process on Linux?| GreyNoise Labs
While Trail of Bits is known for developing security tools like Slither, Medusa, and Fickling, our engineering efforts extend far beyond our own projects. Throughout 2024, our team has been deeply …| Trail of Bits Blog
The last couple of electronics repairs I’ve written about on this blog were both quite involved. Fixing stuff doesn’t always involve crazy rabbit holes though! Here’s a quicker fix that I recently performed.| Downtown Doug Brown
Introduction The challenge of converting low-level assembly code back into human-readable source code is a cornerstone problem in reverse engineering. In this post, we summarise recent work done at RevEng.AI that addresses this challenge through the development of foundational AI models designed for decompilation. As we shall see, this| RevEng.AI Blog
I love a good crackme. It was one of the first things I practised when I did my first CTF (Pico) this year. This challenge is for newcomers to Reverse Engineering. Crackme1 Nothing special, you just need to give execution permissions to the binary and then execute it. Crackme2 This binary asks us for a […]| Sharp Security
While everyone was waiting on news for the successor of the Nintendo Switch, Nintendo released the Alarmo. A small plastic alarm clock that ...| garyodernichts.blogspot.com
Comments| lobste.rs
How secure are some IoT cameras? Not very! From hardware issues to missing encryption, we will go over flaws in popular IoT cameras sold by one manufacturer.| Trevor Kems
Introduction| blog.compass-security.com
Jacob Vosmaer's blog| blog.jacobvosmaer.nl
Progress report for the Spider-Man decompilation project - July| krystalgamer.github.io
As you may remember from my last post on the subject, I fixed a couple of cheap Altera USB Blaster clones in June. I found improved open-source firmware and ported it to the previously useless CH552G-based one while fixing a bug in the process, and I soldered a slower 12 MHz oscillator into the Waveshare FT245+CPLD blaster which magically made it start working reliably in Linux.| Downtown Doug Brown
A proposed exemption to the DMCA would give researchers permission to break terms of service on AI tools to expose bias, training data, and potentially harmful outputs.| 404 Media
Adventures in Responsible Disclosure| Red Threat
Recently, I created a simple tool, Carve Exe, to carve executables from other files (e.g. memory dumps or network traffic). Carving executables from binary blobs is a common task in digital forensics and reverse engineering. For example, when analyzing how a malware sample unpacks and deobfuscates itself.| Blog by Joren Vrancken
Now that our 1987 Canon Cat is refurbished and ready to go another nine innings or so, it's time to get into the operating system and pull ...| oldvcr.blogspot.com
Resurrecting a dead Dune RTS game| wheybags.com
Security cameras are ubiquitous in today’s world, with millions of them installed in homes, businesses, and public spaces around the globe. These cameras are meant to provide a sense of security and surveillance, but they can also be a potential security threat if not properly secured. Working on my master’s thesis with the support of SECloud (Security Edge and Cloud Lab), and specifically the ACES (Automotive Cyberphysical and Embedded Security) laboratory, I recently had the opportunity...| tobiabocchi.me
I just love it when random conversations on Mastodon result in a “Huh, I didn’t know that”-moment. The other day I had one such moment about the Python programming language. I’ve been writing Python code for the last 17 years, and quite a lot of it the last 7 years since it is now more or less my full time job. While I still learn things all the time about the language, I’ve started to get more curious about its quirks and surprises.| Veronica Writes
Two-factor authentication (2FA) is an amazing invention. For one thing, it can significantly increase the security of your online accounts without significantly increasing the hassle of logging in. Additionally, the most popular 2FA algorithms are available in both free software and proprietary software implementations. This weekend, I reverse engineered Symantec's proprietary 2FA token solution with the goal of creating a free software alternative. Motivation Why did I do this? Well, like ma...| Cyrozap's Tech Projects
Let's reverse engineer a restaurant pager system I bought off the internet!| k3xec.com
Estimating the effort needed to re-implement the Wi-Fi driver| esp32-open-mac.be
in which two women are driven into madness by poorly documented cab signaling gear| tris.fyi
After a while, I’m publishing a blog post about something that caught my interest. With the recent tweets about the undocumented SystemFunction032 Win32 API function, I decided to quickly have a look at it. The first thing I noted after Googling this function was the source code from ReactOS. Seems like other SystemFunctions from 001 got other […]| 🔐Blog of Osanda
What is a Callback Function? In simple terms, it’s a function that is called through a function pointer. When we pass a function pointer to the parameter where the callback function is required, and that function pointer is then used to call the function it points to, it’s said that a callback is made. This […]| 🔐Blog of Osanda
In my previous article Exploring the MS-DOS Stub I stated that, after experimenting, the Windows loader only cares about the e_magic and e_lfanew members of the _IMAGE_DOS_HEADER, because the rest of the members of the DOS header are used by MS-DOS to execute the stub program. Check it out if you have not. If […]| 🔐Blog of Osanda
A long time ago when I got my first computer, I accidentally opened a 32-bit demo with a nice chiptune inside MS-DOS and it worked. I was surprised by how this happened. I was curious to find out how this works behind the scenes. Back then I was a little kid and had […]| 🔐Blog of Osanda
Generally in application security, user input must be sanitized. When it comes to SQL injection, the root cause most of the time is that the input is not being sanitized properly. I was curious about Windows Management Instrumentation Query Language – WQL, which is the SQL for WMI. Can we abuse WQL if the input […]| 🔐Blog of Osanda
Context Before I got into reverse engineering, executables always seemed like black magic to me. I always wondered how stuff worked under the hood, how binary code is represented inside .exe files, and how hard it is to modify this ‘compiled code’ without access to the original source code. But one of the main intimidating hurdles always seemed to be the assembly language; it’s the thing that scares most people away from trying to learn about this field. That’s the main reason why...| 0x44.cc
Context As we recently upgraded our home internet to try out Maroc Telecom’s 100mbps fiber offer, I’ve noticed that the Nokia router they installed had horrible Wi-Fi speed - the max I could get standing next to it was around 60mbps down, while in the opposite room, the speed was always under 10mbps. What’s interesting is the fact that it had decent range - I get full bars most of the time, and my Wi-Fi adapter reports a 300mbps data rate. This got me intrigued, so I tried to take a ...| 0x44.cc
Introduction Process suspension is a technique which is quite well-known, and it is used for a variety of reasons (even by malicious software sometimes). The term “suspension” means “stoppin…| Opcode
software, cloud, infosec, and miscellaneous other stuff.| smlx.dev
Technical writeups by Meta’s Security folks, including Red Team.| Meta Red Team X
Disclaimer: Most of what is talked about here is not new, and has been used in the security industry for a long time. This article is meant to show how these techniques can be used to locate functions, variables, and structure offsets within games, rather than identify malware.| hacking with praydog
The Wine team is proud to announce that the stable release Wine 9.0 is now available. This release represents a year of development effort and over...| GitLab
Instructions for building an affordable Faraday cage| esp32-open-mac.be
In my last post, I figured out how to use Apple’s leaked Flasher utility from the 1990s to reflash a ROM SIMM inside of my Performa 630. It’s basically the Mac equivalent of a BIOS update, but only for Apple’s developers. The research involved in that post was quite a journey of reverse engineering from both a software and hardware perspective. I had to disassemble the code to figure out which computers were compatible and what the software was expecting to find. I also had to create a ...| Downtown Doug Brown
Binary available at We are given an ELF binary and I wasn’t very sure I could solve this since I have not played with ELF much. It was an easy challenge though; I thought Reversing 300 was sl…| Arvind S Raj's Blog
Binary available at Yet another .NET binary. Run it and it’s similar to Reversing 200: prints a line, reads a line and exits. Decompiling using ILSpy, we get main. It’s too long so I&…| Arvind S Raj's Blog
Binary available at We’re given a .NET binary in this challenge. It merely prints a string and exits instantly. Decompiling it using ILSpy, we see the main routine as follows. Simple stuf…| Arvind S Raj's Blog
Binary available at We’re given a PE32 executable file. On executing it, it displays some encrypted key. So basically, the program encrypts the key and we (or something else :P) should decryp…| Arvind S Raj's Blog
Reverse engineering Bluetooth LE LED light controllers, or How I Bricked My Christmas Lights If a device communicates via Bluetooth LE and has an app, it deserves to be integrated into my home automation system. I’ve spent a significant amount of time reverse engineering various budget-friendly LED light strips to...| whizzy.org
It’s clearly a compiled Python program, since there is a libpython and also, when using a decompiler, there was a function named PyDontWriteByteCode| Blog
This is a continuation of the previous post. If you didn’t read it, please go ahead and read at least until the TL;DR section. In summary, various web services perform TLS fingerprinting to identify whether you run a real browser like Chrome or Firefox or whether it is a tool like curl or a Python script. I created curl-impersonate, a modified version of curl that performs TLS handshakes which are identical to Firefox’s, thereby tricking said services into believing it is a real browser.| lwt hiker
Update: The second part about impersonating Chrome is up.| lwt hiker
This was a fun afternoon reverse engineering project so I figured I’d write a bit about it.| lwt hiker
From a 1.66GHz Atom to a 3.9GHz Skylake| marcan.st
A couple of months ago I stumbled upon a post on Hackaday about an inexpensive open-source USB 2.0 sniffer created by Alex Taradov. This is a really cool project! Normally, USB sniffers like this can cost thousands of dollars, especially if you’re paying for fancy protocol decoding and also want high-speed 480 Mbps support. This one costs about $50 in parts to assemble yourself, although it will take hours to solder and you will need some experience with hot air (or reflow oven) soldering s...| Downtown Doug Brown