How an anti ad-blocker works: Reverse-engineering BlockAdBlock If you've used an adblocker, you may have seen BlockAdBlock. This script detects your ad-blocker and disables website access until you deactivate your adblocker. But I found myself wondering how it worked. How does an anti ad-blocker detect adblockers? And how do adblockers react and block ad-block-blockers? Reverse-engineering through
GitHub Copilot, with “public code” blocked, emits my copyrighted code | Hacker News
Howdy, folks. Ryan here from the GitHub Copilot product team. I don’t know how the original poster’s machine was set-up, but I’m gonna throw out a few theories about what could be happening.If similar code is open in your VS Code project, Copilot can draw context from those adjacent files. This can make it appear that the public model was trained on your private code, when in fact the context is d
Rescue Your Amazon Dash Buttons – Chris Mullins
Earlier this year, Amazon announced that they’ll discontinue Dash Buttons. I don’t know how successful Dash Buttons were for their intended use, but Home Automation hackers have loved (mis-)using them for everything from warming up their coffee pot to keeping track of bodily functions. Unfortunately for us hackers, Amazon is an unforgiving god. Not only have they stopped selling Dash Buttons, but
FPGA design for Software Engineers // Walk N' Squalk Coding Blog
Over the last few years I’ve gotten more interested in electronics and FPGA design. I’ve also noticed that a lot of other software folks seem interested in doing the same, but often don’t know where to start. So, I think I have some interesting advice for software engineers that feel like dipping their toes into the hardware world from the point of view of a software engineer. In this post I’ll go
DFIR や Malware 解析などについての記事まとめ(2019年10月~2019月12月) - setodaNote
2023-01-10 2019年10月~2019年12月にツイートしたりリツイートしたツイートからまとめています。 DFIR関連 架空のシナリオに基づくフォレンジックCTF macOS上に現存するappの痕跡?-appList.datについて Emotet に関する感染の様子(タイムライン) これなしでは生きていけない10の無料フォレンジックツール フォレンジックアーティファクト収集ツール - Speaker Deck Malware解析関連 Predator the thief についての詳細解析記事 Azorult の解析記事 Emotet に関する詳細な調査報告レポート 自己完結型フィッシングページ(Self-Contained Phishing Page)の解析記事 二重底のような zip が攻撃に使われたそうです Palo Alto のブログで紹介されていた Powershell
An iOS zero-click radio proximity exploit odyssey
Posted by Ian Beer, Project Zero NOTE: This specific issue was fixed before the launch of Privacy-Preserving Contact Tracing in iOS 13.5 in May 2020. In this demo I remotely trigger an unauthenticated kernel memory corruption vulnerability which causes all iOS devices in radio-proximity to reboot, with no user interaction. Over the next 30'000 words I'll cover the entire process to go from this ba
モバイルアプリケーション開発 10大チェックポイント 2023(JSSEC Mobile Top 10 2023)は、2016年のリリースを最に更新されていない「OWASP Mobile Top 10プロジェクト」を再解釈し、現在の状況にあった「Mobile Top 10」を選定しました。 OWASP(Open Web Application Security Project)※1 のLabプロジェクトである「OWASP Mobile Top 10 ※2」は、OWASPが数多く公開する啓発文書「Top 10」シリーズの一つで、スマートフォン(モバイル)アプリケーション開発者に対する意識向上を目的とした文書です。この文書は、スマートフォンアプリケーションの開発に気を付けなければならない10項目がわかりやすくまとめられており、開発者が最低限理解しておくべきことを記述した文章で構成されています。
Writing an open source GPU driver - without the hardware
After six months of reverse-engineering, the new Arm “Valhall” GPUs (Mali-G57, Mali-G78) are getting free and open source Panfrost drivers. With a new compiler, driver patches, and some kernel hacking, these new GPUs are almost ready for upstream. In 2021, there were no Valhall devices running mainline Linux. While a lack of devices poses an obvious obstacle to device driver development, there is
※記事内に“デザイン”に関連した言葉が便宜上多くでてきますが、むしろデザイナー以外の方に最後まで読んでいただけると嬉しいです。 一歩踏み出せば誰でもプロンプト・デザイナーに なりうる理由も書いております。 (English original text is below) はじめに 1. この記事は、2023/4/25に行われたイベント”Spectrum Tokyo Meetup #002”にて、私が発表した「Prompt Design | A New Approach to Experience Design」のプレゼン内容を思い出して、ちょっと味付けして機械翻訳で日本語化した内容です。 2.「プロンプト・デザイン」の定義や役割は曖昧ですがその可能性を狭めず、AI時代にAIと人間の新しい生活の形やサービス設計、インタラクションデザイン等に大きく貢献するための方法を模索中です。 3. 定義そ
Secret Management on iOS
Written by Mattt November 12th, 2019 This article has been translated into: 한국어 One of the great unsolved questions in iOS development is, “How do I store secrets securely on the client?” Baked into this question is the assumption that, without taking proper measures, those secrets will be leaked in one way or another — either in source revision control (GitHub and the like), from analysis tools r
TikTok has a reputation for its aggressive data collection. In fact, an article published on 22 December 2022 uncovered how ByteDance spied on multiple Forbes journalists using TikTok. While some of the data they collect may seem benign, it can be used to build a detailed profile of each user. Information such as user location, device type, and various hardware metrics are combined to create a uni
Reverse Engineering For Everyone! — by @mytechnotalent Wait, what's reverse engineering? Wikipedia defines it as: Reverse engineering, also called backwards engineering or back engineering, is the process by which an artificial object is deconstructed to reveal its designs, architecture, code, or to extract knowledge from the object. It is similar to scientific research, the only difference being
GitHub - secrary/Andromeda: Andromeda - Interactive Reverse Engineering Tool for Android Applications
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session.
Conformant OpenGL® ES 3.1 drivers are now available for M1- and M2-family GPUs. That means the drivers are compatible with any OpenGL ES 3.1 application. Interested? Just install Linux! For existing Asahi Linux users, upgrade your system with dnf upgrade (Fedora) or pacman -Syu (Arch) for the latest drivers. Our reverse-engineered, free and open source graphics drivers are the world’s only conform
By Daniel Prizmant December 17, 2019 at 6:10 PM Category: Cloud, Unit 42 Tags: container security, container vulnerability, containers, Docker, Job Objects, JobObject, Kernel, microsoft, Object Silo, Reverse Engineering, Reversing, ServerSilo, Windows This post is also available in: English (英語) 概要 ここ数年、コンテナの人気はますます高まっています。数年前にこのことを認識したMicrosoftは、Microsoft Windows向けコンテナ ソリューションを提供するためにDockerと提携しまし
GitHub - nmlgc/ReC98: The Touhou PC-98 Restoration Project
This project aims to perfectly reconstruct the source code of the first five Touhou Project games by ZUN Soft (now Team Shanghai Alice), which were originally released exclusively for the NEC PC-9801 system. The original games in question are: TH01: 東方靈異伝 ~ The Highly Responsive to Prayers (1997) TH02: 東方封魔録 ~ the Story of Eastern Wonderland (1997) TH03: 東方夢時空 ~ Phantasmagoria of Dim.Dream (1997)
Update: since I wrote this post, I've been working on a new eBPF library for Rust called Aya, see https://confused.ai/posts/announcing-aya. If you're looking to use eBPF with Rust, I highly recommend you check it out! I originally wrote an earlier version of this post at the end of March, when I was working on adding uprobes support to redbpf. I wanted to blog about the work I was doing and needed
glxgears rendered on an Apple M1 After beginning a compiler for the Apple M1 GPU, the next step is to develop a graphics driver exercising the compiler. Since the last post two weeks ago, I’ve begun a Gallium driver for the M1, implementing much of the OpenGL 2.1 and ES 2.0 specifications. With the compiler and driver together, we’re now able to run OpenGL workloads like glxgears and scenes from g
"I'll ask your body": SMBGhost pre-auth RCE abusing Direct Memory Access structs
Posted by hugeh0ge, Ricerca Security NOTE: We have decided to make our PoC exclusively available to our customers to avoid abuse by script kiddies or cybercriminals. If this technical report interests you, please contact us via email at "contact[at]ricsec.co.jp". 注意: 開発したPoCは弊社のお客様のみがご利用可能です。 PoCまたは和訳レポートにご興味のある方は"contact[at]ricsec.co.jp"までメールをお送りください。 Introduction On March 11, Microsoft released
The Art of Malware – Danus Minimus – Reverse Engineer and Malware Analyst
Bringing the Dead back to life I would like to dedicate this post(or perhaps series of posts) to Mark Ludwig, the author of The Giant Black Book of Computer Viruses, who passed away in 2011. You’ve sparked my initial interest in viruses back in 2013 when I was only 15, and although back then I could barely understand your book I would like to make some closure in modern day era. You saw viruses as
In a first, researchers extract secret key used to encrypt Intel CPU code
Researchers have extracted the secret key that encrypts updates to an assortment of Intel CPUs, a feat that could have wide-ranging consequences for the way the chips are used and, possibly, the way they’re secured. The key makes it possible to decrypt the microcode updates Intel provides to fix security vulnerabilities and other types of bugs. Having a decrypted copy of an update may allow hacker
Award-winning news, views, and insight from the ESET security community ESET Research BlackLotus UEFI bootkit: Myth confirmed The first in-the-wild UEFI bootkit bypassing UEFI Secure Boot on fully updated UEFI systems is now a reality The number of UEFI vulnerabilities discovered in recent years and the failures in patching them or revoking vulnerable binaries within a reasonable time window hasn’
GitHub - acheong08/obi-sync: Reverse engineering of the native Obsidian sync and publish server
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session. Dismiss alert
GitHub - 0xZ0F/Z0FCourse_ReverseEngineering: Reverse engineering focusing on x64 Windows.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session. Dismiss alert
Following our presentation at Black Hat USA, in this blog post we provide some details on CVE-2022-20233, the latest vulnerability we found on Titan M, and how we exploited it to obtain code execution on the chip. Introduction During the last year and a half, we (Damiano Melotti, Maxime Rossi Bellom & Philippe Teuwen) studied the Titan M, a security chip introduced by Google in their Pixel smartph
GitHub - stypr/clubhouse-py: Clubhouse API written in Python. Standalone client included. For reference and education purposes only.
Are you affiliated with those guys who built the website that streamed Clubhouse rooms? No. I am not affiliated with anyone or any company with regards to Clubhouse issues. Why did you develop this? what is your whole intention about releasing this to public? There has been a lot of articles about security concerns of Clubhouse when I joined Clubhouse. Clubhouse And Its Privacy & Security Risk Clu
Reverse-engineering the 8086's Arithmetic/Logic Unit from die photos
Computer history, restoring vintage computers, IC reverse engineering, and whatever The Intel 8086 processor was introduced in 1978, setting the course of modern computing. While the x86 processor family has supported 64-bit processing for decades, the original 8086 was a 16-bit processor. As such, it has a 16-bit arithmetic logic unit (ALU).1 The arithmetic logic unit is the heart of a processor:
Android Chrome 99 expands Certificate Transparency, breaking all MitM dev tools
Certificate transparency is superb improvement to HTTPS certificate security on the web that's great for users and businesses, but on Android it creates a huge problem for the many developer tools like HTTP Toolkit which install trusted system certificates into Android to intercept & debug app traffic. This doesn't appear in the main announcements anywhere, but buried deep in the enterprise releas
Mov - Esolang
Mov is an x86 assembly instruction identified to be Turing-complete by Stephen Dolan in mov is Turing-complete [1] and developed further by xoreaxeaxeax in Movfuscator [2]. It may also be considered the basis of a one instruction set computer archtecture which (unlike Subleq) does not have to use self modifying code. About the Mov instruction The mov instruction has a number of different forms. Le
Update on Windows 11 minimum system requirements and the PC Health Check app
All Microsoft Global Microsoft 365 Teams Copilot Windows Surface Xbox Deals Small Business Support Software Windows Apps AI Outlook OneDrive Microsoft Teams OneNote Microsoft Edge Skype PCs & Devices Computers Shop Xbox Accessories VR & mixed reality Certified Refurbished Trade-in for cash Entertainment Xbox Game Pass Ultimate PC Game Pass Xbox games PC and Windows games Movies & TV Business Micro
Frida を使ってみたメモ Frida frida.re 自分の Script を Inject したり、値を取得したり、色々なことができる Toolkit です。 リバースエンジニアリングとかする時に使うみたいですね。 iOS / Android にも対応しており、今回は Android の話です。 ちなみに日本語の記事もいくつかあります。 もし試す場合は自分のアプリや許可されているものを使用して試してください。 ここからの手順やコマンド、コードによって何が起きても私は責任を取りません。 入れてみる Rooted device のほうが簡単らしいのですが、持ってないので Without root で試します。 肝心の手順はここに全部書いており、写すことはしないのでこちらを参照してください。 koz.io 簡単に手順を書くと 1. apk を device から抜く (pm path と
iOS Hacking - A Beginner’s Guide to Hacking iOS Apps [2022 Edition]
H3ll0 fr13nds! My first post will be about iOS Hacking, a topic I’m currently working on, so this will be a kind of gathering of all information I have found in my research. It must be noted that I won’t be using any MacOS tools, since the computer used for this task will be a Linux host, specifically a Debian-based distribution, in this case, Kali Linux. I will also be using ‘checkra1n’ for the d
GitHub - NAalytics/Assemblies-of-putative-SARS-CoV2-spike-encoding-mRNA-sequences-for-vaccines-BNT-162b2-and-mRNA-1273: RNA vaccines have become a key tool in moving forward through the challenges raised both in the current pandemic and in numerous other
##version 0.21Beta 04/14/21: (updates intended to (i) clarify the clinical and research importance of sequence information and strand topology measurements, and (ii) clarify that the mRNA sequence is not a recipe to produce vaccine)## Dae-Eun Jeong, Matthew McCoy, Karen Artiles, Orkan Ilbay, Andrew Fire*, Kari Nadeau, Helen Park, Brooke Betts, Scott Boyd, Ramona Hoh, and Massa Shoura* Departments
Postman is an extremely popular application for developers testing remote web APIs. It lets you craft HTTP requests, interact with their responses, and go through the history of what you’ve sent and received. Many of these HTTP requests are authenticated, meaning that the application deals with API keys, login tokens, credentials, etc. In May, Postman pivoted to be a cloud-only product for many of
Software Architecture
Introduction In this article, I will try to explain what architecture and clean architecture is, and architecture's role in projects. Examples of web architecture application Let's consider an example of a service with one architectural level (Single Tier) In an application with one architectural level, the user interface, business logic, that is, the backend part of the application and the databa
One more step before getting this model. This model is open access and available to all, with a CreativeML OpenRAIL-M license further specifying rights and usage. The CreativeML OpenRAIL License specifies: \n\nYou can't use the model to deliberately produce nor share illegal or harmful outputs or content \nrinna Co., Ltd. claims no rights on the outputs you generate, you are free to use them and a
Reverse-engineering the Yamaha DX7 synthesizer's sound chip from die photos
Computer history, restoring vintage computers, IC reverse engineering, and whatever The Yamaha DX7 digital synthesizer was released in 1983 and became "one of the most important advances in the history of modern popular music"1. It defined the sound of 1980s pop music, used by bands from A-ha and Michael Jackson to Dolly Parton and Whitney Houston. The DX7's electric piano sound can be heard in ov
Part 1 - Discovering that your Bluetooth car battery monitor is siphoning up your location data
Hello Hacker News, thanks for visiting! TLDR A Bluetooth enabled battery monitor that records car battery voltages. The hardware requires a smartphone for pairing The product collects GPS co-ordinates, cell phone tower data and nearby Wifi beacons Location data is sent over the Internet to servers in Hong Kong and mainland China App store misleads consumers by stating that no personal data is coll
Posted by Natalie Silvanovich, Project Zero On January 29, 2019, a serious vulnerability was discovered in Group FaceTime which allowed an attacker to call a target and force the call to connect without user interaction from the target, allowing the attacker to listen to the target’s surroundings without their knowledge or consent. The bug was remarkable in both its impact and mechanism. The abili
GitHub - 0xdidu/Reverse-Engineering-Intel-x64-101: Material for a RE 101 class on Intel x64 binaries
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session. Dismiss alert
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
How an anti ad-blocker works: Reverse-engineering BlockAdBlock
JSSEC技術部会 モバイルアプリケーション開発 10大チェックポイント 2023 | JSSEC
プロンプト・デザインとは何なのか。|しょーてぃー/ Experience & Prompt Designer
Reverse Engineering Tiktok's VM Obfuscation (Part 1)
Introduction · Reverse Engineering
The first conformant M1 GPU driver
Windowsコンテナのリバース エンジニアリングから分かったこと
Intercepting Zoom's encrypted data with BPF
Dissecting the Apple M1 GPU, part IV
BlackLotus UEFI bootkit: Myth confirmed
Attacking Titan M with Only One Byte
動的解析ツール Frida を Android に使う - CORDEA blog
Lee Holmes | Security Risks of Postman
rinna/japanese-stable-diffusion · Hugging Face
The State of State Machines