Posts

CyAIber Vocab: Words Mean Things. Who Knew?

Apr 27, 2026 · 4 mins read

Cyber, AI, Disruption! There are some impactful things going on in the world of AI right now, and that can make people nervous. There’s also quite a bit going on in the world of Cyber as well, and that’s always gotten people a little shook. Mix them together in a few academic-style whitepapers that get traction on social media and you’ve got yourself quite the hype train, regardless of whether that was the intention or not.

0-Click Wiretapping Bluetooth Headphones

Jan 9, 2026 · 4 mins read

Every few months there’s some sensational news reporting that some high profile individual doesn’t use bluetooth wireless headphones and everyone goes “Wait, what?”. From Taylor Swift’s public appearances featuring exclusive use of wired headphones to former Vice President Kamala Harris on The Late Show with Stephen Colbert stating:

Fixing the Lilygo T Watch S3 Plus LCD

Aug 26, 2025 · 2 mins read

My LILYGO T-Watch S3 Plus (with GPS) arrived with a non-functional LCD. Here’s how I fixed it. First, power off the device using the yellow switch in the back. Then using a PH00 Phillips head screwdriver…

QR Codes You Shouldn't Scan

Aug 6, 2025 · 8 mins read

Number 3 may surprise you! I’m kidding of course, blatant web-based phishing attacks are boring. This blog isn’t about those. Most of these examples will probably surprise you in some way. This blog is about the spiraling mess of URI handlers, auth flows, proof-of-presence, and the complete lack of fuzzed code coverage of the ecosystem as a whole.

Exploiting Erlang OTP With Zip Files: CVE-2025-4748

Jun 17, 2025 · EXTERNAL LINK

There’s a new Erlang OTP vulnerability, CVE-2025-4748. It’s an Absolute Path Traversal vulnerability involving a Zip archive, which I have a lot of practice with. It affects Erlang OTP, which a coworker has already written about recently and noted the necessary steps to set up an environment.

Ghidra Is Best: Android Reverse Engineering

Jun 12, 2025 · 6 mins read

Ghidra is the best Android app RE tool. It just seems like it’s not, because the loader has easily fixed quirks. Let me demonstrate.

AyySSHush: Tradecraft of an Emergent ASUS Botnet

May 28, 2025 · EXTERNAL LINK

Using an AI-powered network traffic analysis tool we built called SIFT, GreyNoise has caught, with zero effort, multiple anomalous network payloads that are attempting to disable TrendMicro security features in ASUS routers, then exploit vulnerabilities and novel tradecraft in ASUS AiProtection features on those routers.

You Want a VPN for Your Phone, Because Apps.

May 16, 2025 · 7 mins read

VPN: phone, not desktop. WiFi: N/A. These statements are correct. Or at least as correct as is applicable to the general user in the scope of the following contextual blog which generally recommends that:

Graph Theory for Reverse Engineers

May 15, 2025 · 8 mins read

Or “everything actually is a nail, you just need a bigger hammer.” Graph Theory is a really neat subject matter relating to the modeling of pairwise relations between objects. When you understand graph theory, everything steadily becomes a graph theory problem, because pretty much anything can be.

Step One: How2 Z3

Apr 4, 2025 · 8 mins read

This article is a long time coming. z3, the constraint solver, is commonly used in crackmes and CTF challenges. Wherever possible, I just lift to angr for symbolic execution and bruteforce that way, since z3 is basically math bruteforce anyways. Regardless:

Talk: Bluetooth Low Energy Unmasked: High-Impact Insights From Scalable Device Hunting

Mar 27, 2025 · 1 min read

Remy shares his experience building custom hardware for a scalable Bluetooth Low Energy (BLE) survey, discussing problems encountered, and providing a replicable solution that the audience can implement for approximately $100 (no soldering required).

Local, Private, AI Code Assistant

Mar 3, 2025 · 3 mins read

Recently, products like Claude Code, Cursor, and Copilot have sprung to the forefront of my social media. I’ve ignored these for quite some time, but a coworker recommended that I try out <some product I can't remember> after I was fighting a particularly gnarly public codebase that had opaque documentation and involved a LOT of state machines.

Your LLMs Were Backdoored Years Ago.

Feb 4, 2025 · 3 mins read

Plagiarism is an ethical violation. Always has been. As such: “A computer can never be held accountable, therefore a computer must never make a management decision”.

Binary Ninja IOS App Reversing

Jan 20, 2025 · 2 mins read

Recently I ran into a headache of Out-Of-Memory errors when using Binary Ninja. Specifically, this was in relation to disassembling a Mach-O aarch64 binary from an iOS app grabbed from decrypt.day.

The Xiaohongshu 小红书 REDnote 小红书国际版 "Backdoor"

Jan 16, 2025 · 8 mins read

The popular social media app “TikTok” is likely facing an imminent ban in the United States in the coming days. This has resulted in a mass migration to the Chinese app 小红书 (meaning “little red book”), Xiaohongshu, or simply “REDnote”.

Clankers Die on Christmas

Dec 25, 2024 · 14 mins read

I’m sorry, but I can’t help with that. We achieved AGI. The clankers died on Christmas. This post is scheduled to automatically publish: 2025-12-25. Editor’s note: erroneously leaked this personal commentary blog early due to a typoed year.

GRUB LUKS Bypass and Dump

Nov 27, 2024 · 6 mins read

Recently I needed to get the data off of a LUKS encrypted partition on a Virtual Machine that “wasn’t mine” and I’d never done it before. As you might imagine, a huge headache ensued.

IOS Audio Precedence: Stupid Problems, Stupid Solutions

Nov 7, 2024 · 5 mins read

In iOS, if you are using Apple Maps for directions, playing music, and connected to a car over Bluetooth (not Apple CarPlay), then when you pause your music it will remain paused until the next direction is audibly announced by Apple Maps. At which point, the music will unpause itself once the Apple Maps voice is done talking. Additionally, because all music apps for iOS utilize the OS-hosted audio controls, closing the music app entirely does not stop this behavior. You must uninstall the app. You may think that navigating to iOS settings and disabling that app’s ability to utilize mobile data may limit the impact. However, this simply makes it play the current song which has already been cached.

BLUUID: Firewallas, Diabetics, And... Bluetooth

Aug 20, 2024 · 21 mins read

In this blog, the second in the series, you will learn about how to build a database of Bluetooth Low-Energy (BTLE) Generic Attribute (GATT) Universally Unique Identifiers (UUIDs) capable of remotely identifying Bluetooth Low-Energy devices for the purposes of vulnerability research, exploitation, and quantifying impact.

Perma-Vuln: D-Link DIR-859, CVE-2024-0769

Jun 25, 2024 · EXTERNAL LINK

Recently Sift caught an interesting payload. As it turns out, the exploit was CVE-2024-0769, which is now tagged here: D-Link DIR-859 Information Disclosure Attempt.

M5Stack CoreMP135: Exploration and Development

May 11, 2024 · 8 mins read

The M5Stack CoreMP135 w/ STM32MP135D is a versatile little DevKit recently released by M5Stack at the $75 price range. I’m a big fan of M5Stack and have purchased many of their kits over the years, with each kit being versatile enough to have served for 10+ projects over its lifetime without issue.

BGGP4: PleaseMom, QUANTUM, Rat?

Mar 31, 2024 · 15 mins read

For this last year’s Binary Golf Grand Prix the goal was to create the smallest self-replicating file. Requirements: produce exactly 1 copy of itself; name the copy “4”; not execute the copied file; print, return, or display the number 4. I sat down with some beer, as one does, and resolved that my personal twist on the challenge would be to not just do a single filetype, but a chain of obscure filetypes. I scripted out enumeration of all of the default file handlers for Windows 7 in a blog I titled Obscure Windows File Type.

RattaGATTa: Scalable Bluetooth Low-Energy Survey

Mar 1, 2024 · 20 mins read

On April 18th, 2020, during peak COVID, I did my first real foray into Bluetooth Low-Energy (BTLE) privacy and security. A neighbor in my apartment complex lost their Fitbit Charge 2 smartwatch. I succeeded in “cloning” the watch’s Bluetooth profile in such a way that I could observe when the rightful owner’s phone would attempt to connect, thus indicating and tracking that the owner was in local proximity. This worked and the smartwatch was returned to its rightful owner.

Talk-a-Blog: Apache Struts2 CVE-2023-50164, File Upload Vulnerability Analysis

Dec 12, 2023 · EXTERNAL LINK

In order to see CVE-2023-50164 in the wild, I expect that in the coming weeks we will see research into vendor- and product-specific implementations leveraging Apache Struts2 in order to determine exactly what path must be traversed in order to drop a web shell so that it can be called remotely through a public interface over the defined routes.

Obscure Windows 7 File Types

Jun 25, 2023 · 215 mins read

Do you know all of the default Windows 7 file formats? I’ve certainly seen a few in my time, though I can’t say I’ve seen a corpus of all the samples in one place.