How I reversed a custom vendor binder on an Android TV, uncovered a parallel IPC universe built on /dev/sbinder, and hit every security layer in the way.
Learn how to reverse engineer Android native libraries by cleaning up JNI code in Ghidra and using Frida to bypass root detection and invoke native functions directly.
How to build a fully virtualized bootloader security lab with QEMU and U-Boot, and how to reverse engineer it.
A complete guide to SAML single sign-on (SSO): how the protocol and assertions work, and how to exploit common vulnerabilities like XML signature wrapping and signature stripping during a pentest.
Write-up of Moth, a reverse engineering challenge from ECW 2023 solved by analysing the binary in IDA and modelling a Suguru puzzle with the z3 SMT solver.
Write-up of SecretZip from MidnightCTF 2023, a memory forensics challenge using Volatility to dump a KeePass database and recover its master password via CVE-2023-32784.
Write-up of Heap, a forensic challenge I created for HeroCTF v5, analysing a Java heap dump to extract the secret data left behind in application memory.
Write-up of LSD-2, a steganography challenge I created for HeroCTF v5, hiding data in the least significant bits (LSB) of an image and recovering it with a short Python script.
Write-up of PNG-G, a steganography challenge I created for HeroCTF v5, where the flag is hidden across the frames of an animated PNG (APNG) image.
Write-up of Subliminal-2, a video steganography challenge I created for HeroCTF v5, extracting a flag hidden frame-by-frame inside an MP4 video with Python.