đ
Every few months thereâs some sensational news reporting that some high profile individual doesnât use bluetooth wireless headphones and everyone goes âWait, what?â. From Taylor Swiftâs public appearances featuring exclusive use of wired headphones to former Vice President Kamala Harris on The Late Show with Stephen Colbert stating:
My LILYGO T-Watch S3 Plus (with GPS) arrived with a non-functional LCD. Hereâs how I fixed it. First, power off the device using the yellow switch in the back. Then using a PH00 Phillips head screwdriverâŚ
Number 3 may surprise you! Iâm kidding of course, blatant web-based phishing attacks are boring. This blog isnât about those. Most of these examples will probably surprise you in some way. This blog is about the spiraling mess of URI handlers, auth flows, proof-of-presence, and the complete lack of fuzzed code coverage of the ecosystem as a whole.
Thereâs a new Erlang OTP vulnerability, CVE-2025-4748. Itâs an Absolute Path Traversal vulnerability involving a Zip archive, which I have a lot of practice with. It affects Erlang OTP, which a coworker has already written about recently and noted the necessary steps to set up an environment.
Ghidra is the best Android app RE tool. It just seems like itâs not, because the loader has easily fixed quirks. Let me demonstrate.
Using an AI powered network traffic analysis tool we built called SIFT, GreyNoise has caught multiple anomalous network payloads with zero-effort that are attempting to disable TrendMicro security features in ASUS routers, then exploit vulnerabilities and novel tradecraft in ASUS AiProtection features on those routers.
VPN: phone, not desktop. WiFi: N/A. These statements are correct. Or at least as correct as is applicable to the general user in the scope of the following contextual blog which generally recommends that:
Or âeverything actually is a nail, you just need a bigger hammerâ Graph Theory is a really neat subject matter relating to the modeling of pairwise relations between objects. When you understand graph theory, everything steadily becomes a graph theory problem, because pretty much anything can be.
This article is a long time coming. z3, the constraint solver, is commonly used in crackmes and CTF challenges. Wherever possible, I just lift to angr for symbolic execution and bruteforce that way, since z3 is basically math bruteforce anyways. Regardless:
Remy shares his experience building custom hardware for a scalable Bluetooth Low Energy (BLE) survey, discussing problems encountered, and providing a replicable solution that the audience can implement for approximately $100 (no soldering required).