Margin Research Blog
Musings, insight, and hot takes on Security, Research, and Technology from the Margin Research team.

Cyber Militias Redux: Or, "Why Your Boss Might Also Be Your Platoon Leader in China"
Recently, Margin published a piece on China’s cyber militias and how they fit into their broader defense strategy. It’s gotten a very positive reception overall, but there’s one question that’s come up more than once, both in chats I’ve had and in other corners of


The Fake IT Worker Triangle: Pyongyang, Moscow, and Beijing
As North Korea sends thousands of troops to Russia, to aid with Russia’s full-on war on Ukraine, there is a concerning development in relations between Russia, North Korea, and China—Russia and China’s role in North Korean operations against Western tech firms. CoinDesk published a story on October


You Can’t Spell WebRTC without RCE - Part 3
This is the third and final part of our blog post series on Signal and iOS exploitation via the insertion of synthetic vulnerabilities. Part one explored Signal and WebRTC, detailing the injected vulnerabilities and the process of adding them. In part two we leveraged these vulnerabilities to exfiltrate the Signal


You Can't Spell WebRTC without RCE - Part 2
This is the second part in our three-part series on exploring WebRTC, Signal-iOS, and iOS exploitation. The first post in this series surveyed WebRTC's implementation of various protocols, injected arbitrary read and arbitrary write vulnerabilities, and set up a research environment to trigger the vulnerabilities. This post continues


You Can't Spell WebRTC without RCE - Part 1
Injecting and Exploiting Synthetic Remote Vulnerabilities to explore Signal-iOS and WebRTC
It’s another average Friday morning and my iPhone shows 705 unread Signal messages. Signal has not completely supplanted my use of iMessage, but it does dominate communications with industry peers and privacy-conscious friends. If you are a cybersecurity


Disassembling Dalvik
In this post, we announce the release of a small library for disassembling Dalvik bytecode. This serves as a foundation for building static analysis tooling for Android applications and system services in Rust. Read on for an example graphview application, or just check out the crate’s source and documentation


We know how to detect XZ and we know how to solve it
Security posture is relative. It is improper to designate something as perfectly secure, and anyone who claims otherwise is selling you something. We achieve a degree of security that lets us sleep at night by creating the most challenging maze possible for any would-be attackers. This strategy, often referred to


Same Same, but Different
What the i-Soon leak reveals about the Chinese offensive cyber capability industry.


Russia’s largest hacking conference: Biggest hits from Positive Hack Days 2023
Russia’s largest hacking conference, Positive Hack Days, recently took place in Moscow from Friday, May 19 to Saturday, May 20. The event was held at Gorky Park, a large park and cultural complex in Moscow, and split into an area freely open to the public and a village area
