Dad, Vulnerability Research, Packet connoisseur. He/Him. Cyber Security Architect GreyNoise. Top percentage Rattata
Twitter: https://twitter.com/_mattata
Personal Blog: https://remyhax.xyz
Professional Blog: https://www.greynoise.io/blog
Pronouns: He/Him

@GossiTheDog @greynoise Current CISA guidance recommends not blocking IPs related to the current campaign; which AFAICT is the first time that has ever occurred for an ED. This puts us in an interesting position. However, we also have many users equipped to utilize intel for hunting instead of outright blocking. Providing tags and reiterating the guidance given by CISA is the balance at this time.

We urge everyone to review and follow CISA guidance. Please understand that we may not be quite as verbose as normal while we navigate this unique situation.

I've identified a way to establish if a box is vulnerable to #CyberWillyWave and started internet scanning, 90k boxes in progress.

Results probably at weekend if I'm bored or early next week.

Spoiler: a lot of orgs don't patch their Cisco edge devices. To be vuln to the full chain you have to be over a year behind with updates... and most orgs are over a year behind.

I bought a smartwatch and it arrived semi-functional. So I opened it up and fixed it.

Fixing the Lilygo T Watch S3 Plus

https://remyhax.xyz/posts/lilygo-t-watch-s3-plus/

Fixing the Lilygo T Watch S3 Plus LCD

My LILYGO T-Watch S3 Plus (with GPS) arrived with a non-functional LCD. Here’s how I fixed it. First, power off the device using the yellow switch in the back. Then using a PH00 Phillips head screwdriver…

REMY HAX

Every year there’s some discourse around how safe/unsafe it is to scan QR codes at BlackHat and DefCon.
Last year, I set out to enumerate the scope, and did!
And then promptly forgot for a year.

QR codes you shouldn’t have scanned last year; this year.

https://remyhax.xyz/posts/no-scan-qr-code/

QR Codes You Shouldn't Scan

Number 3 may surprise you! I’m kidding of course, blatant web-based phishing attacks are boring. This blog isn’t about those. Most of these examples will probably surprise you in some way. This blog is about the spiraling mess of URI handlers, auth flows, proof-of-presence, and the complete lack of fuzzed code coverage of the ecosystem as a whole.


Android APKs have a dedicated loader for Ghidra, but they’re also archives with nested files, which is a different loader. This causes quirks.

Here’s how to get around that and use the best tool.

Ghidra Is Best: Android Reverse Engineering

https://remyhax.xyz/posts/android-with-ghidra/

Ghidra is best: Android Reverse Engineering

Ghidra is the best Android app RE tool. It just seems like it’s not, because the loader has easily fixed quirks. Let me demonstrate.


There’s a lot of “VPNs are snake oil, just use HTTPS” discourse again, so here, I’ll sell the farm for the sake of demonstrating exactly how wrong this argument is for phones.

You Want a VPN for Your Phone, Because Apps.

https://remyhax.xyz/posts/you-want-a-vpn-for-your-phone/

You want a VPN for your phone, because apps.

VPN: phone, not desktop. WiFi: N/A. These statements are correct. Or at least as correct as is applicable to the general user in the scope of the following contextual blog which generally recommends that:


Graph Theory for Reverse Engineers

Or “everything actually is a nail, you just need a bigger hammer”

https://remyhax.xyz/posts/graph-theory-for-reverse-engineers/


Or “everything actually is a nail, you just need a bigger hammer” Graph Theory is a really neat subject matter relating to the modeling of pairwise relations between objects. When you understand graph theory, everything steadily becomes a graph theory problem, because pretty much anything can be.


Step One: How2 Z3

or "I hate math and always re-use the same z3 template when solving crackmes and CTFs and use BitVector because I can represent anything as BitVector and never need to learn more z3, so here's how I finally wrote it down"

https://remyhax.xyz/posts/z3/


This article is a long time coming. z3, the constraint solver, is commonly used in crackmes and CTF challenges. Wherever possible, I just lift to angr for symbolic execution and bruteforce that way, since z3 is basically math bruteforce anyways.

Bots associated with this botnet can typically be recognized by distinctive hexadecimal banners featuring strings such as `head[...]1111` or `head[...]11111111`, predominantly appearing on TCP port 17000.

Since its initial detection, our ERT has closely monitored the activities and growth of #Eleven11bot. Early assessments indicate a large and geographically distributed botnet presence, spanning multiple countries such as the United States, Canada, Israel, Spain, the United Kingdom, Brazil, Taiwan, Romania, and Japan, among others.

Local, Private, AI Code Assistant in VSCode. The easy and free way.

https://remyhax.xyz/posts/local-llm-code-ai/

Local, Private, AI Code Assistant

Recently, products like Claude Code, Cursor, and Copilot have sprung to the forefront of my social media. I’ve ignored these for quite some time, but a coworker recommended that I try out <some product I can't remember> after I was fighting a particularly gnarly public codebase that had opaque documentation and involved a LOT of state machines.