About:

fG! is a reverse engineer focused on macOS, interested in security, malware, and rootkits.

Interests:

Reverse engineering, Malware, Rootkits, Security, macOS

The blog post details the author's journey in cracking four code signing certificates leaked in the APT Down incident, focusing on the challenges faced while decrypting a PVK key. The author discusses the use of a wordlist for bru...
The blog post discusses a recent leak of materials related to a possible Advanced Persistent Threat (APT) linked to China and/or North Korea, credited to hackers Saber and cyb0rg. The author analyzes the leaked content, including ...
The author reflects on the 18th anniversary of their blog, recounting their journey from being bored at work to starting a blog that led to a career in InfoSec. They share experiences of traveling, speaking at conferences, and eng...
The text discusses a simple macOS debugger detection trick that involves a feature in lldbinit to stop execution whenever an image is linked into the process. The author discovered that LLDB always sets an internal breakpoint on t...
The text discusses the reverse engineering of macOS cracks from the TNT warez group, which could potentially be used to leverage malware. It explores the obfuscated code, anti-debugging measures, and the process of bypassing them....
The author explores the Go checksum database and discovers that non-Go repositories are being stored in it. They conduct experiments to demonstrate that arbitrary data can be pushed to the checksum database without a connection to...
The text discusses the author's research on attacking the hardware of an OpenRG modem. The author describes the process of reverse engineering the modem's firmware, including finding backdoors, default passwords, and remote manage...
The text discusses the author's experience with reverse engineering the ShadowBrokers leaks and the tools involved. It focuses on the BPF part of the implant and the process of reversing the dewdrop binary. The author also explain...
The author describes the process of building a custom and distributable lldb, addressing issues with Python, build systems, and code signing. The process involves building a universal ARM64/x86_64 Python, installing dependencies, ...
The author discusses their desire to build a site to share links and their decision to use GitHub Actions and private repositories to automate the build process. They explain their use of Hugo as a static site generator and their ...
Amnesty International released a report about FinSpy spyware made by FinFisher Gmbh. The report contains four macOS related hashes. The report discusses virtual machine detection and code obfuscation. The report also discusses the...
The text discusses the discovery of a large number of binaries with the same size and the same code but different strings on VirusTotal. The author wrote a Mach-O stats utility in Go to confirm this. The author also decrypted the ...

Blog Update

2020-07-12

The author discusses updating their blog, including changes to the code, font, and menu bar. They also express disinterest in the macOS platform and a desire to focus more on reverse engineering. The post ends with a commitment to...
The post discusses the discovery of an unreleased FruitFly/Quimitchin dropper script, its functionality, and the different options for infecting target machines. It also explains the different methods of persistency and the potent...

Why I Left Twitter

2020-02-18

The author explains why they left Twitter, citing issues with the platform's leadership, rules, and the nature of discussions. They also mention that they are not going away and have extra free time to get back to fun stuff.
The text discusses the use of LLDB as a debugger in macOS, highlighting the lack of x86 hardware breakpoint support and the author's journey into the LLDB C++ codebase to implement this feature. It also provides instructions on bu...
The text discusses the process of reversing Apple’s EFI firmware password reset scheme using SCBO files. It explains the use of an emulator and debugger based on Unicorn to solve the problem. The author also talks about the proces...
The author discusses the annoyance of forgetting passwords and the process of recovering a forgotten password for Carbon Copy Cloner. They explore the process of disassembling the privileged helper tool and uncovering the password...
The text is a detailed reverse engineering analysis of qwertyoruiop's crackme, a Cocoa app with a simple input field and button. The author revisits the crackme, deobfuscates strings, and reverse engineers constructors to generate...
The author discusses their experience with gdb and the transition to using lldb, as well as the creation and improvement of lldbinit. They express their preference for command line debuggers and provide a link to the improved lldb...
The text discusses the performance impact of the security features implemented to work around the Meltdown and Spectre bugs on OS X. The author conducted tests to measure the impact of the 10.13.2 patch on different Mac mo...
Federico Bento, a Portuguese exploiter, writes about his exploit of CVE-2017-5123, a Linux kernel vulnerability. He bypasses KASLR, obtains root via cred struct spraying, and demonstrates the exploit in a video. He details the vul...
The text explains how to compile AFL's LLVM mode in OS X, despite the performance issues due to the high overhead of fork() system call. It provides a step-by-step guide on how to get this working with the latest AFL version, incl...