REMY HAX

Cyber, AI, Disruption! There’s some impactful things going on in the world of AI right now and that can make people nervous. There’s also quite a bit going on the the world of Cyber as well, and that’s always gotten people a little shook. Mix them together in a few academic style whitepapers that get traction on social media and you’re got yourself quite the hype train, regardless of whether that was the intention or not.

Every few months there’s some sensational news reporting that some high profile individual doesn’t use bluetooth wireless headphones and everyone goes “Wait, what?”. From Taylor Swift’s public appearances featuring exclusive use of wired headphones to former Vice President Kamala Harris on The Late Show with Stephen Colbert stating:

My LILYGO T-Watch S3 Plus (with GPS) arrived with a non-functional LCD. Here’s how I fixed it. First, power off the device using the yellow switch in the back. Then using a PH00 Phillips head screwdriver…

Number 3 may surprise you! I’m kidding of course, blatant web-based phishing attacks are boring. This blog isn’t about those. Most of these examples will probably surprise you in some way. This blog is about the spiraling mess of URI handlers, auth flows, proof-of-presence, and the complete lack of fuzzed code coverage of the ecosystem as a whole.

There’s a new Erlang OTP vulnerability, CVE-2025-4748. It’s an Absolute Path Traversal vulnerability involving a Zip archive, which I have a lot of practice with. It affects Erlang OTP, which a coworker has already written about recently and noted the necessary steps to set up an environment.

Ghidra is the best Android app RE tool. It just seems like it’s not, because the loader has easily fixed quirks. Let me demonstrate.

Using an AI powered network traffic analysis tool we built called SIFT, GreyNoise has caught multiple anomalous network payloads with zero-effort that are attempting to disable TrendMicro security features in ASUS routers, then exploit vulnerabilities and novel tradecraft in ASUS AiProtection features on those routers.

VPN: phone, not desktop. WiFi: N/A. These statements are correct. Or at least as correct as is applicable to the general user in the scope of the following contextual blog which generally recommends that:

Or “everything actually is a nail, you just need a bigger hammer” Graph Theory is a really neat subject matter relating to the modeling of pairwise relations between objects. When you understand graph theory, everything steadily becomes a graph theory problem, because pretty much anything can be.

This article is a long time coming. z3, the constraint solver, is commonly used in crackmes and CTF challenges. Wherever possible, I just lift to angr for symbolic execution and bruteforce that way, since z3 is basically math bruteforce anyways. Regardless: