Margin Research Blog

Writings on Security, Research, and Technology

DGraph Post-Mortem Analysis
Mar 15, 2023

DGraph Post-Mortem Analysis

Margin Research’s Social Cyber project was originally hosted on a graph database (DB) technology called DGraph. In an unfortunate turn of events, DGraph ceased to exist as a company, requiring the Margin Research team to migrate our analysis tool to a different graph DB: Neo4J. This brought the question

Matthew Filbert
By Matthew Filbert
Harness the Power of Cannoli: Implementing a Program Backtrace
Feb 8, 2023

Harness the Power of Cannoli: Implementing a Program Backtrace

So, you’ve heard about Cannoli, the high-performance tracing engine, but don’t know where to start. Perhaps you read the source code but don’t understand how to implement your analysis. Or maybe you’re someone who learns by example and finds inspiration in detailed walkthroughs. If so, this

Ian Dupont
By Ian Dupont
Ian Palleiko
By Ian Palleiko
Analyzing Russian SDK Pushwoosh and Russian Code Contributions
Dec 13, 2022

Analyzing Russian SDK Pushwoosh and Russian Code Contributions

Reuters recently reported on November 16 that Pushwoosh, the maker of a software development kit (SDK), was falsely representing itself as an American company when in fact the technology company is based in Russia. Its code is reportedly used in thousands of Apple and Google app store applications, and the

Justin Sherman
By Justin Sherman
smoothie_operator<<
Nov 23, 2022

smoothie_operator<<

Description This blog details a C++ heap exploitation challenge written for CSAW CTF Finals 2022. This challenge incorporates an OOB heap write primitive to corrupt heap metadata, creating a use-after-free (UAF) by clobbering the C++ std::shared_ptr struct. The challenge is a x86-64 ELF binary linked against glibc v2.

Ian Dupont
By Ian Dupont
Russia’s Open-Source Code and Private-Sector Cybersecurity Ecosystem
Nov 10, 2022

Russia’s Open-Source Code and Private-Sector Cybersecurity Ecosystem

Through our work on SocialCyber, we map sanctioned Russian cyber actors, their contributions to the linux kernel, and the private-sector firms supporting Russian cyber operations.

Justin Sherman
By Justin Sherman
An opinionated guide on how to reverse engineer software, part 2
Nov 8, 2022

An opinionated guide on how to reverse engineer software, part 2

The best reverse engineer is also a very capable software developer. Why you may ask? Because almost no one reinvents the wheel.

Ryan Stortz
By Ryan Stortz
Winternships and a new look
Nov 7, 2022

Winternships and a new look

The website has gotten a facelift! If you've been to our site before you might notice some changes. The most significant change is in our blog backend, making sharing our great research and new tool releases easier with the internet. Another big shift is consolidating all of our presentation material,

Sophia d'Antoine
By Sophia d'Antoine
Pulling MikroTik into the Limelight
Jun 11, 2022

Pulling MikroTik into the Limelight

A comprehensive guide to MikroTik internals, including IPC, hand-rolled cryptography, and a novel post-authentication jailbreak

Ian Dupont
By Ian Dupont
Harrison Green
By Harrison Green
Cannoli: The Fast Qemu Tracer
May 26, 2022

Cannoli: The Fast Qemu Tracer

Cannoli Cannoli is a high-performance tracing engine for qemu-user. It can record a trace of both PCs executed as well as memory operations. It consists of a small patch to QEMU to expose locations to inject some code directly into the JIT, a shared library which is loaded into QEMU

Brandon Falk
By Brandon Falk
Previous
Page 1 of 3
Next
arrow-up icon