The “rusty_rev” challenge was, as the name suggests, a Rust reverse engineering challenge for the HackDay 2025 Qualifications CTF. Challenge Description Hello agent, a trusted source managed to find one of the most secured app of the black mist crew, but unfortunately, we can’t find the password to access it. We know your talents for reverse engineering, we need you to help us this password. Download: rust_rev SHA256: 71553d736b4299a40069ff3ae1fbd242b50f88b44c28a49ef559ac34248581d5 Dyna...| frereit's blog
Abstract In this blog post, we’ll be covering Microsoft Warbird and how we can abuse it to sneakily load shellcode without being detected by AV or EDR solutions. We’ll show how we can encrypt our shellcode and let the Windows kernel decrypt and load it for us using the Warbird API. Using this technique, you can hide your shellcode from syscall-intercepting EDR solutions allowing you to allocate executable memory, decrypt the shellcode, and jump to the decrypted shellcode all in one syscal...| frereit's blog
In this article we show how to use any Chromium-based browser as a C2 agent and Google Docs as a C2 proxy.| frereit's blog
Frederik Reiter Stuttgarter Str. 106 c/o Block Services 70736 Fellbach Phone: +49 15679 206983 Email: @ External links This website may contain links to external websites. The author cannot assume any liability for the contents of external links. The author explicitly distances himself from the contents and presentation of all linked pages and states clearly not to have any influence on the design and the contents of these links or on any additional offers.| frereit's blog
This personal blog is hosted on GitHub Pages, a static site hosting service provided by GitHub, Inc. This Privacy Policy outlines what information is collected when you visit this site, how it is used, and your rights regarding your data. Information I Do Not Collect Cookies: I do not use cookies on this blog. Tracking: I do not use any tracking tools or analytics services. Data Storage: I do not store any data from visitors to this blog.| frereit's blog
In the previous post, we discussed how to decode a Bootstring string. If you haven’t read it yet, I recommend you do so before continuing. This post will just quickly go over how encoding works to complete the picture. I’ll skip over the details of the generalized variable-length integers that we already discussed in the previous post. Recap We already saw how we can use the state machine to decode a Bootstring basic string.| frereit's blog
You may know about Punycode, a way to represent Unicode strings with only ASCII characters. It is used to encode domain names, for example “münchen.de” becomes “xn--mnchen-3ya.de”. Punycode, specified in RFC 3492, is technically just a set of parameters for a more general algorithm called Bootstring, which is specified in the same document. In this post, I will explain how Bootstring works and how to use it to decode an encoded string.| frereit's blog
In this section, I’ll be collecting links to articles, blog posts, and other resources that I find interesting without any categorization and in no particular order. The empty brain; Invisible Salamanders in AES-GCM-SIV; Exploiting V8 at openECSC; Someone is going to dim the sun, and it will be soon.; Get your work recognized: write a brag document; Macht der Wahlberechtigten unter 30; Software disenchantment| frereit's blog
In this post, we will look at how the security of the AES-GCM mode of operation can be completely compromised when a nonce is reused.| frereit's blog