Posts

2026

• Forrester Research Note - Mythos 10 Consequences - Finance Translation April 26, 2026

2022

• Revisiting Pegasus on iOS9 July 2, 2022

2018

• Source Level Debugging the XNU Kernel October 24, 2018
• Autogenerating defaults(1) Commands August 28, 2018
• Defaults Non-obvious Locations August 18, 2018
• Advanced defaults(1) Usage June 16, 2018

2015

• Broken, Abandoned, and Forgotten Code, Part 14 November 5, 2015
• Broken, Abandoned, and Forgotten Code, Part 13 October 8, 2015
• Broken, Abandoned, and Forgotten Code, Part 12 September 17, 2015
• Broken, Abandoned, and Forgotten Code, Part 11 July 16, 2015
• Broken, Abandoned, and Forgotten Code, Part 10 July 9, 2015
• Broken, Abandoned, and Forgotten Code, Part 9 June 25, 2015
• Broken, Abandoned, and Forgotten Code, Part 8 June 18, 2015
• Broken, Abandoned, and Forgotten Code, Intermission June 8, 2015
• Broken, Abandoned, and Forgotten Code, Part 7 June 4, 2015
• Broken, Abandoned, and Forgotten Code, Part 6 May 28, 2015
• Broken, Abandoned, and Forgotten Code, Part 5 May 21, 2015
• Broken, Abandoned, and Forgotten Code, Part 4 May 14, 2015
• Broken, Abandoned, and Forgotten Code, Part 3 May 7, 2015
• Broken, Abandoned, and Forgotten Code, Part 2 April 30, 2015
• Broken, Abandoned, and Forgotten Code, Part 1 April 23, 2015
• Broken, Abandoned, and Forgotten Code: Prologue April 22, 2015
• Bowcaster Feature: multipart/form-data February 20, 2015
• Patching, Emulating, and Debugging a Netgear Embedded Web Server January 31, 2015
• Remote Debugging with QEMU and IDA Pro January 3, 2015

2014

• Exploit Tunneling and Callback September 23, 2014
• Infiltrate 2014 May 16, 2014

2013

• Emulating and Debugging Workspace December 30, 2013
• BayThreat 2013 Presentation - Additional Resources December 7, 2013
• Netgear Root Compromise via Command Injection October 24, 2013
• Complete, Persistent Compromise of Netgear Wireless Routers October 22, 2013
• A Connect-back HTTP Exploit Server for Bowcaster October 9, 2013
• 44CON Presentation - Additional Resources September 12, 2013
• Insulting Recruiter Emails September 9, 2013
• Running Debian MIPS Linux in QEMU May 31, 2013
• Is your Mac's File System Protected? May 3, 2013
• Bowcaster's EmptyOverflowBuffer class (Tutorial Part 5) April 25, 2013
• Buffer Overflows with Bowcaster Part 4 April 8, 2013
• Crossbow is now Bowcaster April 8, 2013
• Buffer Overflows with Bowcaster Part 3 March 29, 2013
• Buffer Overflows with Bowcaster Part 2 March 28, 2013
• Buffer Overflows with Bowcaster Part 1 March 28, 2013
• Crossbow March 28, 2013
• Hacking is Bullshit February 10, 2013
• DLink DIR-815 UPnP Command Injection February 1, 2013

2012

• UPDATED: Responsible (non)Disclosure November 29, 2012
• Specifying Preferred Load Addresses for ELF Shared Libraries October 23, 2012
• Parsing Email and Fixing Timestamps in Python June 12, 2012

2011

• Long-form Reading 2011 December 16, 2011
• Reading List 2011 December 13, 2011

2009

• Handling HTTP Redirection in Ruby March 15, 2009
• Mounting LVM Disks in Ubuntu March 12, 2009
• How to sudoedit non-interactively January 8, 2009

2004

• The Shadow File December 15, 2004