Margin Research (Page 1)

Margin Research Blog

Writings on Security, Research, and Technology

Same Same, but Different
Feb 29, 2024

What the i-Soon leak reveals about the Chinese offensive cyber capability industry.

By Winnona Bernsen
Russia’s largest hacking conference: Biggest hits from Positive Hack Days 2023
Dec 5, 2023

Russia’s largest hacking conference, Positive Hack Days, recently took place in Moscow from Friday, May 19 to Saturday, May 20. The event was held at Gorky Park, a large park and cultural complex in Moscow, and split into an area freely open to the public and a village area

By Justin Sherman
Emulating and Exploiting UEFI Firmware
Sep 29, 2023

One major difficulty of doing low-level security research is the lack of testing and debugging environments. When testing regular userspace programs written in C and other high-level programming languages, there is a plethora of debugging tools like gdb to run, inspect, and modify a running process. Dynamically inspecting software

By Joe Lothan
Entity Resolution in Reagent
Jun 29, 2023

One of the biggest challenges in many modern technologies is Entity Resolution, the practice of figuring out when two separate entities are actually the same thing, such as Git contributors. We leverage LLMs in our graph databases to solve this problem for GitHub contributors and more!

By Matthew Filbert
Analyzing Russian Internet Firm Yandex, Its Open-Source Code, and Its Global Contributors
Mar 27, 2023

Russian internet company Yandex has been in the news recently, and not just because it’s one of the leading and most globally reaching technology firms in Russia. The company, founded as a search engine in 2000 and now worth billions of dollars, announced plans in November 2022 to potentially

By Justin Sherman
DGraph Post-Mortem Analysis
Mar 15, 2023

Margin Research’s Social Cyber project was originally hosted on a graph database (DB) technology called DGraph. In an unfortunate turn of events, DGraph ceased to exist as a company, requiring the Margin Research team to migrate our analysis tool to a different graph DB: Neo4J. This brought the question

By Matthew Filbert
Harness the Power of Cannoli: Implementing a Program Backtrace
Feb 8, 2023

So, you’ve heard about Cannoli, the high-performance tracing engine, but don’t know where to start. Perhaps you read the source code but don’t understand how to implement your analysis. Or maybe you’re someone who learns by example and finds inspiration in detailed walkthroughs. If so, this

By Ian Dupont
By Ian Palleiko
Analyzing Russian SDK Pushwoosh and Russian Code Contributions
Dec 13, 2022

Reuters recently reported on November 16 that Pushwoosh, the maker of a software development kit (SDK), was falsely representing itself as an American company when in fact the technology company is based in Russia. Its code is reportedly used in thousands of Apple and Google app store applications, and the

By Justin Sherman
smoothie_operator<<
Nov 23, 2022

Description: This blog details a C++ heap exploitation challenge written for CSAW CTF Finals 2022. This challenge incorporates an OOB heap write primitive to corrupt heap metadata, creating a use-after-free (UAF) by clobbering the C++ std::shared_ptr struct. The challenge is an x86-64 ELF binary linked against glibc v2.

By Ian Dupont