Margin Research Blog
Writings on Security, Research, and Technology

The Chinese Private Sector Cyber Landscape
As China's "decade-long quest to become a superpower" comes to fruition, the PRC has increasingly moved to eliminate barriers between its civilian-commercial industries and the State.


Watching the Watchers
Much of our world relies on open source projects. The Linux kernel is arguably the crowning achievement of the open source movement, the foundation of Google’s Android and NASA’s satellite software. But five of the top ten bug reporters are automated systems.


MikroTik Authentication Revealed
A deep-dive into MikroTik's hand-rolled Elliptic Curve Secure Remote Protocol (EC-SRP) cryptography used in client-server authentication



Hardware Hacking for Software Hackers
Introduction Hello! This resource is meant for anyone with some *nix/software/exploit dev. experience, but with little to no hardware/electronics background! While the ins and outs of basic circuits won't be covered (as there are many great resources for that online), the information is meant to be presented


Remote Android Debugging
Covid just made GDB obsolete, long live Frida! Imagine a world where you don’t have to press 500 keys just to get to the same state as you were in the last run and where you actually can introspect the runtime. Frida offers a somewhat clean way to debug


An opinionated guide on how to reverse engineer software, part 1
This is an opinionated guide. After 12 years of reverse engineering professionally, I have developed strong beliefs on how to get good at RE.

Bypassing glibc Safe-Linking: CSAW 2021 Quals (word_games)
This post analyzes glibc-2.32+'s safe-linking feature introduced in December 2020 in the context of a CTF challenge developed for New York University's CSAW 2021 Quals competition


WINTERN 2020: ZOMBIE LINK CRAWLER
This winter, I had the opportunity to intern at Margin Research. Being a computer science student who had little to no experience in security, I was nervous even applying. Despite that, I really wanted to dip my toes into security to see what it was like. I wanted a stretch


WINTERN 2020: IOT FIRMWARE ANALYSIS
For this project I did a partial analysis of the Wyze V2 Camera. It's a small camera that allows one to live stream video in 1080p to your phone from anywhere. It also supports motion/sound recording with cloud storage via AWS. This data can also be stored to an SD card.
