| https://twitter.com/_mattata | |
| Personal Blog | https://remyhax.xyz |
| Professional Blog | https://www.greynoise.io/blog |
| Pronouns | He/Him |
Android APK’s have a dedicated loader for Ghidra, but they’re also Archives with nested files which is a different loader. This causes quirks.
Here’s how to get around that and use the best tool.
Ghidra Is Best: Android Reverse Engineering
There’s a lot of “VPN’s are snakeoil, just use HTTPS” discourse again, so here, I’ll sell the farm for the sake of demonstrating exactly how wrong this argument is for phones.
You Want a VPN for Your Phone, Because Apps.
Graph Theory for Reverse Engineers
Or “everything actually is a nail, you just need a bigger hammer”
https://remyhax.xyz/posts/graph-theory-for-reverse-engineers/
Or “everything actually is a nail, you just need a bigger hammer” Graph Theory is a really neat subject matter relating to the modeling of pairwise relations between objects. When you understand graph theory, everything steadily becomes a graph theory problem, because pretty much anything can be.
Step One: How2 Z3
or "I hate math and always re-use the same z3 template when solving crackmes and CTF's and use BitVector because I can represent anything as BitVector and never need to learn more z3, so here's how I finally wrote it down"
Bots associated with this botnet can typically be recognized by distinctive hexadecimal banners featuring strings such as `head[...]1111` or `head[...]11111111`, predominantly appearing on TCP port 17000.
Since its initial detection, our ERT has closely monitored the activities and growth of #Eleven11bot . Early assessments indicate a large and geographically distributed botnet presence, spanning multiple countries such as the United States, Canada, Israel, Spain, the United Kingdom, Brazil, Taiwan, Romania, and Japan, among others.
Local, Private, AI Code Assistant in VSCode. The easy and free way.
Recently, products like Claude Code, Cursor, and Copilot have sprung to the forefront of my social media. I’ve ignored these for quite some time, but a coworker recommended that I try out <some product I can't remember> after I was fighting a particularly gnarly public codebase that had opaque documentation and involved a LOT of state machines.
Your LLMs were backdoored years ago.
The Xiaohongshu 小红书 REDnote 小红书国际版 "Backdoor"
Analysis: The existence of “backdoor” in the Xiaohongshu 小红书 REDnote app appears to be a problem in the connotation of the word itself among a global community, and nothing more.
Since this vulnerability is being successfully exploited in the wild, it probably is worth knowing if your system has been compromised, right?
A compromised box can easily fake (internal AND external) ICT results, and it can also fake the factory reset process as well. So is all hope lost?
Well, in the vast sea of bits on VirusTotal, apparently some good samaritan has uploaded a bootable ISO that can both decrypt an Ivanti ICS filesystem, as well as run the stand-alone ICT in a way that is truly stand-alone. i.e. it doesn't rely on your maybe-compromised running system not lying to you.
With some brief testing, it seems to work. And perhaps can be trustable as much as you trust a computer to boot from the media you specify.
https://www.virustotal.com/gui/file/2d76293e1639152e4871fba67cb5bdb010e444a3cd66bdf943503c48bba412c0/details
Deepfield
Mr. Bitterness
vox 
/sdcard/Android/data for "security" reasons?