Margin Research Blog

Writings on Security, Research, and Technology

The Chinese Private Sector Cyber Landscape
Apr 25, 2022

The Chinese Private Sector Cyber Landscape

As China's "decade-long quest to become a superpower" comes to fruition, the PRC has increasingly moved to eliminate barriers between its civilian-commercial industries and the State.

Margin Research
By Margin Research
Watching the Watchers
Apr 5, 2022

Watching the Watchers

Much of our world relies on open source projects. The Linux kernel is arguably the crowning achievement of the open source movement, the foundation of Google’s Android and NASA’s satellite software. But five of the top ten bug reporters are automated systems.

Winnona Bernsen
By Winnona Bernsen
Ian Roos
By Ian Roos
MikroTik Authentication Revealed
Feb 10, 2022

MikroTik Authentication Revealed

A deep-dive into MikroTik's hand-rolled Elliptic Curve Secure Remote Protocol (EC-SRP) cryptography used in client-server authentication

Ian Dupont
By Ian Dupont
Joe Lothan
By Joe Lothan
Hardware Hacking for Software Hackers
Jan 27, 2022

Hardware Hacking for Software Hackers

Introduction Hello! This resource is meant for anyone with some *nix/software/exploit dev. experience, but with little to no hardware/electronics background! While the ins and outs of basic circuits won't be covered (as there are many great resources for that online), the information is meant to be presented

John Gorbachev
By John Gorbachev
Remote Android Debugging
Jan 14, 2022

Remote Android Debugging

Covid just made GDB obsolete, long live Frida! Imagine a world where you don’t have to press 500 keys just to get to the same state as you were in the last run and where you actually can introspect the runtime. Frida offers a somewhat clean way to debug

Martin Wennberg
By Martin Wennberg
An opinionated guide on how to reverse engineer software, part 1
Nov 2, 2021

An opinionated guide on how to reverse engineer software, part 1

This is an opinionated guide. After 12 years of reverse engineering professionally, I have developed strong beliefs on how to get good at RE.

Ryan Stortz
By Ryan Stortz
Bypassing glibc Safe-Linking: CSAW 2021 Quals (word_games)
Sep 15, 2021

Bypassing glibc Safe-Linking: CSAW 2021 Quals (word_games)

This post analyzes glibc-2.32+'s safe-linking feature introduced in December 2020 in the context of a CTF challenge developed for New York University's CSAW 2021 Quals competition

Ian Dupont
By Ian Dupont
WINTERN 2020: ZOMBIE LINK CRAWLER
May 28, 2021

WINTERN 2020: ZOMBIE LINK CRAWLER

This winter, I had the opportunity to intern at Margin Research. Being a computer science student who had little to no experience in security, I was nervous even applying. Despite that, I really wanted to dip my toes into security to see what it was like. I wanted a stretch

Justin Mai
By Justin Mai
WINTERN 2020: IOT FIRMWARE ANALYSIS
May 13, 2021

WINTERN 2020: IOT FIRMWARE ANALYSIS

For this project I did a partial analysis of the Wyze V2 Camera. It's a small camera that allows one to live stream video in 1080p to your phone from anywhere. It also supports motion/sound recording with cloud storage via AWS. This data can also be stored to an SD card.

Chase Kanipe
By Chase Kanipe
Page 2 of 3
arrow-up icon