Viscera Infest released their new album last month, and I could not find it anywhere other than on YouTube. I'm normally more than happy to purchase music if it's not on streaming services, yet for some reason the only place Viscera Infest released the full version of Teratoma was on YouTube. This is a bit of a problem for listening to it on the go, as I typically only use YouTube on the TV.
I was recently part of a team workshop where we had to write some automation scripts, and call me old, but I was shocked to see a lot of the team calling binaries from Python rather than writing a bash script to do all of the processing. After talking to a few colleagues, I discovered that bash is not natural to them the way Python is.
I never went to university, so all of my computer science stuff has very much been self taught, so I suppose that could be the reason why I'd prefer to write "parse.
I helped a colleague build a Docker container that, during the `docker build` phase, would just produce a file, as there is no need for a full-on image. To do this we need a multi-stage Dockerfile: one stage does the work, and a final `scratch` stage holds nothing but the file to export.

```dockerfile
FROM --platform=linux/aarch64 debian as builder
# <do things>
FROM scratch as artifact
COPY --from=builder /full/path/to/file/to/copy /path/on/host
```

And then you can build it like so:

```sh
docker build --target artifact --output type=local,dest=. .
```

You then get a file from the build process on your host: `--output type=local` writes the filesystem of the selected target stage into `dest`, and because that stage is `FROM scratch`, the only thing in it is the copied file. Note that `--output` is a BuildKit feature; on older Docker releases where BuildKit is not the default builder, set `DOCKER_BUILDKIT=1` in the environment.
I don't really use Ghidra much in my day job, I tend to use a combination of IDA and Binary Ninja. My experience with Ghidra has been limited to CTFs.
I did pick up some tips and tricks when using Ghidra, and I feel like I should document that somewhere.
Custom Highlight

When looking at the decompiler and you select a value, it does not make it overly clear whether the value is used elsewhere.
Recently I found out that you can have multiple images in a Dockerfile. I found this really helpful for fuzzing, where I could build the harness in one Docker image and then copy only the harness to the AFL++ image. Here is a bit of a bare-bones extract of my Dockerfile.

```dockerfile
FROM --platform=linux/aarch64 debian AS builder
# rest of the builder stuff
FROM --platform=linux/aarch64 aflplusplus/aflplusplus:latest
COPY --from=builder /build/harness /src/
COPY --from=builder /build/other_stuff_for_fuzzing /src/
```

This is useful when we only care about the last stage: the resulting image contains the AFL++ base plus the copied files, and none of the build toolchain from the `builder` stage.
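The two multi-stage tricks above (exporting a single file with `--output`, and copying a built harness into the AFL++ image) fit in one Dockerfile with two named targets. The following is an added example written for this page, not the Dockerfile from either post; `harness.c`, the `/src/in` seed directory and the flags passed to `afl-fuzz` are this example's assumptions.

```dockerfile
# syntax=docker/dockerfile:1
# Added example, not the Dockerfile from either post. One multi-stage file with
# three stages: `builder` compiles a hypothetical harness.c (assumed to exist in
# the build context and to take an input file path as argv[1]), `artifact` holds
# only the binary so it can be exported to the host with --output, and `fuzz`
# drops the binary into the AFL++ image without the build toolchain.

FROM --platform=linux/aarch64 debian:bookworm AS builder
RUN apt-get update \
 && apt-get install -y --no-install-recommends build-essential \
 && rm -rf /var/lib/apt/lists/*
WORKDIR /build
COPY harness.c .
# -static: a scratch stage has no libc, so the exported binary must carry its own
RUN gcc -O2 -g -static -o harness harness.c

# Target 1: nothing but the file. `--output type=local,dest=./out` on this
# target writes ./out/harness and nothing else.
FROM scratch AS artifact
COPY --from=builder /build/harness /harness

# Target 2: the fuzzing image. Only the harness crosses over; gcc, headers and
# intermediate objects stay in the builder stage.
FROM --platform=linux/aarch64 aflplusplus/aflplusplus:latest AS fuzz
COPY --from=builder /build/harness /src/harness
WORKDIR /src
# The harness was compiled with plain gcc, so it carries no AFL instrumentation.
# afl-fuzz therefore needs -Q (QEMU mode) or -n (no-instrumentation mode) to run
# it; compiling it with afl-clang-fast in an AFL++-based builder stage instead
# would give coverage feedback and drop the -Q. Seeds are expected in /src/in
# (mounted at run time); @@ is replaced by the path of each test case.
CMD ["afl-fuzz", "-Q", "-i", "/src/in", "-o", "/src/out", "--", "/src/harness", "@@"]
```

Build the file to the host with `docker build --target artifact --output type=local,dest=./out .`, and the fuzzing image with `docker build --target fuzz -t harness-fuzz .`, then run it as `docker run --rm -v "$PWD/in:/src/in" -v "$PWD/out:/src/out" harness-fuzz`. Both builds need BuildKit (`DOCKER_BUILDKIT=1` on older Docker releases), and `--platform=linux/aarch64` is only native on an arm64 host such as Apple Silicon; on x86-64 it requires binfmt emulation, for example via `docker run --privileged --rm tonistiigi/binfmt --install arm64`.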
I really want to be fuzzing more in general. Towards the end of last year I decided to play a bit with libFuzzer. Here is my quick test from the tutorial.
The command

```sh
wget https://github.com/google/fuzzing/raw/master/tutorial/libFuzzer/fuzz_me.cc
/opt/homebrew/Cellar/llvm/17.0.6/bin/clang++ -g -fsanitize=address,fuzzer fuzz_me.cc
./a.out
```

The full Homebrew LLVM path is deliberate: Apple's bundled clang does not ship the libFuzzer runtime, so `-fsanitize=fuzzer` needs the upstream LLVM toolchain on macOS.

The output

```text
--2023-12-21 16:13:34--  https://github.com/google/fuzzing/raw/master/tutorial/libFuzzer/fuzz_me.cc
Resolving github.com (github.com)... 140.82.121.3
Connecting to github.com (github.com)|140.82.121.3|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://raw.githubusercontent.com/google/fuzzing/master/tutorial/libFuzzer/fuzz_me.cc [following]
--2023-12-21 16:13:35--  https://raw.githubusercontent.com/google/fuzzing/master/tutorial/libFuzzer/fuzz_me.cc
Resolving raw.githubusercontent.com (raw.
```
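The tutorial's `fuzz_me.cc` is not reproduced on this page. As an added example that is not the tutorial's file and not the post's code, here is the shape a libFuzzer target takes when the code under test is kept apart from the entry point, so the same function can be unit-tested with fixed inputs and fuzzed with mutated ones. The record format, `ParseRecord`, and its bounds check are this example's own assumptions.

```cpp
// Added example, not the Google tutorial's fuzz_me.cc and not the post's code.
// Build: clang++ -g -O1 -fsanitize=address,fuzzer harness.cc -o harness
#include <cstddef>
#include <cstdint>

// Hypothetical record layout used only for this example: [len:1][payload:len].
// Returns the sum of the payload bytes, or -1 if the record is malformed.
int ParseRecord(const uint8_t *data, size_t size) {
  if (size < 1) return -1;            // need at least the length byte
  size_t len = data[0];
  if (size < 1 + len) return -1;      // the check a fuzzer exists to find missing:
                                      // drop it and the loop reads past the buffer,
                                      // which ASan reports as heap-buffer-overflow
                                      // because libFuzzer hands inputs out on the heap
  int sum = 0;
  for (size_t i = 0; i < len; ++i) sum += data[1 + i];
  return sum;
}

// libFuzzer entry point, called once per mutated input. It must not modify
// `data` and must return 0. libFuzzer supplies main() when the binary is linked
// with -fsanitize=fuzzer, so no main() is written here.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  (void)ParseRecord(data, size);
  return 0;
}
```

Run the binary with a corpus directory as its first argument (`./harness corpus/`); libFuzzer writes new interesting inputs there, and on a sanitizer report it writes the offending input to `crash-<hash>` in the working directory, which can be replayed deterministically with `./harness crash-<hash>` under a debugger.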
Denote is my new note-taking system and I really wanted to add the Phrack articles to Denote so I can search and index them. At the time of writing there are 70 articles, and you can download the archives for each one here. But I wanted to automate the whole process, and do it with Emacs Lisp.
Downloading and extracting the articles

This could be done with wget brace expansion and tar like so:
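The post's own one-liner is not reproduced on this page. The script below is an added example, not the post's code: it generates the per-issue archive URLs (the bash brace-expansion form is shown in a comment, the function takes the issue count as a parameter), downloads them idempotently with `wget -nc`, and extracts each archive into its own directory so that same-named files from different issues do not overwrite one another. The `phrackN.tar.gz` URL layout under `PHRACK_BASE` is an assumption; the post only says the archives are downloadable.

```bash
#!/usr/bin/env bash
# Added example, not the post's script. Assumes each issue is served as
# $PHRACK_BASE/phrack<N>.tar.gz (an assumption about the site's layout).
# Nothing here touches the network until fetch_issues is called.
set -euo pipefail

PHRACK_BASE="${PHRACK_BASE:-http://phrack.org/archives/tgz}"   # assumed layout

# Print one archive URL per line for issues 1..N. The brace-expansion one-liner
# equivalent for a fixed count is:
#   wget -nc "$PHRACK_BASE"/phrack{1..70}.tar.gz
# The loop form below takes N as a parameter instead.
phrack_urls() {
  local n=$1 i
  for ((i = 1; i <= n; i++)); do
    printf '%s/phrack%d.tar.gz\n' "$PHRACK_BASE" "$i"
  done
}

# Extract one archive into <dest_root>/<archive name without .tar.gz>/ so each
# issue gets its own directory. Prints the directory it extracted into.
extract_issue() {
  local archive=$1 dest_root=$2 name
  name=$(basename "$archive" .tar.gz)
  mkdir -p "$dest_root/$name"
  tar -xzf "$archive" -C "$dest_root/$name"
  printf '%s\n' "$dest_root/$name"
}

# Download every issue up to N (skipping archives already on disk, so reruns
# are cheap) and extract each one.
fetch_issues() {
  local n=$1 dest_root=$2 archive
  mkdir -p "$dest_root"
  phrack_urls "$n" | wget -nc -q -P "$dest_root" -i -
  for archive in "$dest_root"/phrack*.tar.gz; do
    extract_issue "$archive" "$dest_root"
  done
}
```

Call it as `fetch_issues 70 ~/phrack`; because `-nc` refuses to re-download existing files, adding a new issue later only costs one request.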
I love writing in org-mode. It's much better than traditional Markdown; however, most Markdown editors have the ability to render your text so you can preview it before. I argue that a good theme in Emacs allows for this, but nonetheless I started looking into a way to render a folder with a bunch of org-mode files in it.

Hugo

This blog's content is written in org-mode and then converted to Markdown using ox-hugo.
I first heard of Haggus in 2022 when a friend showed them to me, and from there I've been hooked on mincecore ever since, specifically the project Haggus. Earlier this year I made it to Obscene Extreme 24, and Haggus played.
My favourite album of theirs is Straight From The Slaughterhaus, that's not to say their other material is not good (because it is), I just really like this album.
My background is in penetration testing and system/network administration. About a year ago I decided that penetration testing was not what it once was, and moved into vulnerability research, specifically researching all things Apple. Researching Apple devices I quickly came across the term PAC, and struggled to get my head around it. So because it seems like black magic voodoo I'm going to share and write up some notes on it.