

Rascals are always sociable, and the chief sign that a man has any nobility in his character is the little pleasure he takes in others' company. Arthur Schopenhauer

There is a special circle in Hell for the people doing OSdev-ing on a MacBook M1 and I have booked my place there. Fuck Apple, fuck M1 and fuck Tim Cook.

We’re in terminal stages of the biggest disease known to mankind: the internet.

Humans can only understand the world through analogy; this is why simulation theory exists. Reality is just too big for people, so they need to shrink it down to a model they can understand. Nowadays it's video games and computers; a few thousand years ago it was tapestries and thread-weavers.

I just started watching Three-Body and let me tell you, it’s an amazing movie (with an amazing soundtrack). Make sure you read the books too.

The HP 200LX Palmtop PC, 1994

I seem to place more value on my life than you place on yours.

Turn your Android phone into real Amateur Radio HF/VHF/UHF APRS enabled Codec2 DV (digital voice) and/or FreeDV handheld transceiver.

Requires additional hardware (e.g. an AFSK/LoRa radio modem), software (e.g. the Direwolf software modem), or an analog transceiver with USB audio plus VOX or USB CAT PTT control, such as an mcHF or ICOM.

For more information about FreeDV and Codec2 visit https://github.com/drowe67/codec2.

For detailed information, see the project Wiki. Codec2Talkie

This is the second part of the blog I wrote three days ago on proxying DLL loads to hide suspicious stack traces that lead back to a user-allocated RX region. I won't go in depth on how the stack works, because I already covered that in the previous blog, which can be accessed from the above link. We previously saw that we can manipulate call and jmp instructions to get Windows callbacks to invoke the LoadLibrary API for us. However, stack-tracing detections go far beyond just hunting DLL loads. When you inject a reflective DLL into a local or remote process, you have to call APIs such as VirtualAllocEx/VirtualProtectEx, which in turn call NtAllocateVirtualMemory/NtProtectVirtualMemory. When you check the call stacks of legitimate API calls, though, you will notice that WINAPIs like VirtualAlloc/VirtualProtect are mostly called by non-Windows DLL functions; the majority of Windows DLLs call NtAllocateVirtualMemory/NtProtectVirtualMemory directly. Below is a quick example of the call stack for NtProtectVirtualMemory when you call RtlAllocateHeap. Hiding In PlainSight - Indirect Syscall is Dead! Long Live Custom Call Stacks
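To make the detection side of that excerpt concrete, here is a small call-stack heuristic written for this page (it is not code from the post above, and the module names, symbols and sample stacks are constructed, not captured from a real process). A frame is `{ module, symbol }` with `module === null` standing for a return address that no loaded image backs, i.e. a user-allocated RX region; frames are listed innermost first. The allow-list of system DLLs and the wrapper/syscall names are assumptions of the example.

```javascript
// Added example, not from the original post: a call-stack heuristic of the kind the post
// describes. module === null models a return address with no backing image (a user-allocated
// RX region). Frames are innermost first. All names and stacks here are constructed sample data.

const SYSTEM_MODULES = new Set(["ntdll.dll", "kernelbase.dll", "kernel32.dll"]); // assumed allow-list
const MEMORY_SYSCALLS = new Set(["NtAllocateVirtualMemory", "NtProtectVirtualMemory"]);
const WIN32_WRAPPERS = new Set(["VirtualAlloc", "VirtualAllocEx", "VirtualProtect", "VirtualProtectEx"]);

const frame = (module, symbol) => ({ module, symbol });
const lower = s => (s ?? "").toLowerCase();
const isSystemFrame = f => f.module !== null && SYSTEM_MODULES.has(lower(f.module));

// Returns a list of findings (empty means nothing stood out on this stack).
function analyzeStack(frames) {
  const findings = [];
  const i = frames.findIndex(f => lower(f.module) === "ntdll.dll" && MEMORY_SYSCALLS.has(f.symbol));
  if (i === -1) return findings;                       // no memory syscall on this stack
  const sys = frames[i], caller = frames[i + 1];
  if (!caller) {
    findings.push(`${sys.symbol}: stack ends at the syscall stub (truncated or spoofed)`);
    return findings;
  }
  if (caller.module === null) {
    // Something outside any image called straight into the ntdll stub (direct/indirect syscall).
    findings.push(`${sys.symbol} returns into unbacked memory at ${caller.symbol}`);
  } else if (lower(caller.module) === "kernelbase.dll" && WIN32_WRAPPERS.has(caller.symbol)) {
    // Per the post, Windows DLLs call the Nt* routine directly; reaching it through the Win32
    // wrapper means someone else made the call, so look at who called the wrapper.
    const apiCaller = frames[i + 2];
    if (!apiCaller) findings.push(`${caller.symbol}: no caller frame`);
    else if (apiCaller.module === null) findings.push(`${caller.symbol} called from unbacked memory at ${apiCaller.symbol}`);
    else if (!isSystemFrame(apiCaller)) findings.push(`weak: ${caller.symbol} called from non-system module ${apiCaller.module}`);
  }
  return findings;
}

const classify = frames => (analyzeStack(frames).length ? "suspicious" : "clean");

// Constructed sample stacks.
const SAMPLE_LEGIT = [
  frame("ntdll.dll", "NtProtectVirtualMemory"),
  frame("ntdll.dll", "RtlAllocateHeap"),             // a Windows DLL calling the Nt* routine directly
  frame("kernel32.dll", "BaseThreadInitThunk"),
  frame("ntdll.dll", "RtlUserThreadStart"),
];
const SAMPLE_REFLECTIVE = [
  frame("ntdll.dll", "NtProtectVirtualMemory"),
  frame("kernelbase.dll", "VirtualProtect"),
  frame(null, "0x000001f3`4a2c1b90"),                // reflective loader running from its own RX region
  frame(null, "0x000001f3`4a2c0000"),
];
const SAMPLE_INDIRECT = [
  frame("ntdll.dll", "NtAllocateVirtualMemory"),
  frame(null, "0x00007ff6`1234abcd"),                // shellcode jumped into the stub; return lands in shellcode
  frame("kernel32.dll", "BaseThreadInitThunk"),
];
```

The heuristic trusts whatever the unwinder returns, which is exactly what the post's title is getting at: a custom call stack that forges frames pointing into legitimate Windows modules produces an empty findings list, so this is a detection of sloppy loaders, not of the technique the second half of the post builds.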

The lowest common denominator and the path of least resistance mainstream the most carnal of human inclinations. The corruptibility of human nature is boundless.

Here it is again, that deep sense of peace. Ever feel like you’re watching yourself from above?

If you want to be a good writer, you’ll need to understand all kinds of people. That doesn’t mean you should be a people-pleaser by agreeing with everyone, but you should extend even your worst enemies the maximum amount of empathy you can muster.

I grew up with BASIC and Turbo Pascal. My first programs were very simple graphical games. I still miss the era of BGI and BASIC’s painting commands. Those graphics were neither beautiful nor fast, but they were simple. Simple enough for a kid with only elemental geometry knowledge to build something exciting.

Even today, whenever I want to prototype or visualise something, to experiment with generative art or to write a toy graphical app – I feel nostalgic for the old days.

Sure, there is SDL2 and Qt and JavaScript Canvas and Löve and many others. But how hard could it be to build our own cross-platform graphical library from scratch? Minimal cross-platform graphics

When I discovered WebAuthn three years ago a quirky idea came to me: “what if you could also protect data with a security key?” The idea of a physical authenticator being used to encrypt and decrypt information stuck with me, even after I came to understand that WebAuthn couldn’t be used in that way.

Fast forward to 2023. The recent addition of the prf extension to the WebAuthn L3 Draft spec is introducing functionality to WebAuthn that makes my crazy idea possible! Imagine it: a quick tap to encrypt a super secret message, a short journey via sneakernet, then a quick tap to decrypt the message… Encrypting Data in the Browser Using WebAuthn

Gato, or GitHub Attack Toolkit, is an enumeration and attack tool that allows both blue teamers and offensive security practitioners to evaluate the blast radius of a compromised personal access token within a GitHub organization.

The tool also allows searching for and thoroughly enumerating public repositories that utilize self-hosted runners. GitHub recommends that self-hosted runners only be used with private repositories; nevertheless, thousands of organizations use them anyway. Gato (Github Attack TOolkit)

PNG is my favourite file format of all time. Version 1.0 of the specification was released in 1996 (before I was born!) and the format remains widely used to this day.

I think the best way to get to grips with a file format is to write code for reading or writing it. In this instance we’re going to write a PNG, because we can choose to focus on the simplest subset of PNG features. Hello, PNG!
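In that spirit, here is the simplest subset carried all the way to bytes, as an added example written for this page rather than the article's own code: 8-bit RGB, filter type 0 on every scanline, one zlib stream made of stored (uncompressed) deflate blocks, and CRC-32 and Adler-32 computed by hand so nothing outside the language is needed. The chunk walker at the end recomputes every CRC so you can check what was written. The 2x2 image is constructed for the example.

```javascript
// Added example, not the article's code: a minimal PNG writer (8-bit RGB, stored deflate,
// hand-rolled CRC-32 and Adler-32) plus a chunk walker that re-checks the CRCs.

const SIGNATURE = Uint8Array.from([0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A]);
const be32 = n => [n >>> 24, (n >>> 16) & 0xFF, (n >>> 8) & 0xFF, n & 0xFF];
const ascii = s => Uint8Array.from(s, c => c.charCodeAt(0));

function concat(...parts) {
  const out = new Uint8Array(parts.reduce((n, p) => n + p.length, 0));
  let off = 0;
  for (const p of parts) { out.set(p, off); off += p.length; }
  return out;
}

// CRC-32 (reflected, polynomial 0xEDB88320) as used for PNG chunks.
function crc32(bytes) {
  let crc = 0xFFFFFFFF;
  for (const b of bytes) {
    crc ^= b;
    for (let k = 0; k < 8; k++) crc = (crc >>> 1) ^ (0xEDB88320 & -(crc & 1));
  }
  return (crc ^ 0xFFFFFFFF) >>> 0;
}

// Adler-32 checksum that closes a zlib stream.
function adler32(bytes) {
  let a = 1, b = 0;
  for (const x of bytes) { a = (a + x) % 65521; b = (b + a) % 65521; }
  return ((b << 16) | a) >>> 0;
}

// zlib container around stored deflate blocks: valid deflate, zero compression.
function zlibStored(data) {
  const out = [0x78, 0x01];                         // CMF/FLG: deflate, 32K window, no dictionary
  const MAX = 65535;                                // largest LEN a stored block can carry
  for (let off = 0; off === 0 || off < data.length; off += MAX) {
    const block = data.subarray(off, off + MAX);
    const final = off + MAX >= data.length;
    out.push(final ? 1 : 0);                        // BFINAL bit, BTYPE=00 (stored), padded to a byte
    out.push(block.length & 0xFF, block.length >>> 8, ~block.length & 0xFF, (~block.length >>> 8) & 0xFF);
    for (const x of block) out.push(x);             // LEN, NLEN, then the raw bytes
  }
  return concat(Uint8Array.from(out), Uint8Array.from(be32(adler32(data))));
}

// A chunk is length, type, data, then a CRC over type+data (never over the length).
function chunk(type, data) {
  const body = concat(ascii(type), data);
  return concat(Uint8Array.from(be32(data.length)), body, Uint8Array.from(be32(crc32(body))));
}

// pixels: flat RGB bytes, row-major, width*height*3 long.
function encodePng(width, height, pixels) {
  if (pixels.length !== width * height * 3) throw new Error("pixel buffer size mismatch");
  // IHDR: width, height, bit depth 8, colour type 2 (truecolour), deflate, adaptive filters, no interlace
  const ihdr = Uint8Array.from([...be32(width), ...be32(height), 8, 2, 0, 0, 0]);
  const stride = width * 3 + 1;                     // each scanline is prefixed with its filter-type byte
  const raw = new Uint8Array(stride * height);
  for (let y = 0; y < height; y++) {
    raw[y * stride] = 0;                            // filter type 0: None
    raw.set(pixels.subarray(y * width * 3, (y + 1) * width * 3), y * stride + 1);
  }
  return concat(SIGNATURE, chunk("IHDR", ihdr), chunk("IDAT", zlibStored(raw)), chunk("IEND", new Uint8Array(0)));
}

// Walk the chunks of a PNG and recompute each CRC.
function listChunks(png) {
  const u32 = o => ((png[o] << 24) | (png[o + 1] << 16) | (png[o + 2] << 8) | png[o + 3]) >>> 0;
  const chunks = [];
  for (let off = 8; off + 12 <= png.length; off += 12 + u32(off)) {
    const len = u32(off), type = String.fromCharCode(...png.subarray(off + 4, off + 8));
    chunks.push({ type, length: len, crcOk: crc32(png.subarray(off + 4, off + 8 + len)) === u32(off + 8 + len) });
  }
  return chunks;
}

// Constructed 2x2 test image: red, green / blue, white.
const SAMPLE_PIXELS = Uint8Array.from([255, 0, 0, 0, 255, 0, 0, 0, 255, 255, 255, 255]);
```

Stored blocks make the IDAT larger than the raw pixels, but every decoder accepts them, which is the point of starting with the simplest subset; swapping `zlibStored` for a real deflate implementation is the first upgrade.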

Code signing of applications is an essential element of macOS security. Besides signing applications, it is also possible to sign installer packages (.pkg files). During a short review of the xar source code, we found a vulnerability (CVE-2022-42841) that could be used to modify a signed installer package without invalidating its signature. This vulnerability could be abused to bypass Gatekeeper and SIP and, under certain conditions, to elevate privileges to root. Bad things come in large packages: .pkg signature verification bypass on macOS