Margin Research (Page 3)

Margin Research Blog

Writings on Security, Research, and Technology

Pulling MikroTik into the Limelight
Jun 11, 2022

Pulling MikroTik into the Limelight

A comprehensive guide to MikroTik internals, including IPC, hand-rolled cryptography, and a novel post-authentication jailbreak

Ian Dupont
By Ian Dupont
Harrison Green
By Harrison Green
Cannoli: The Fast Qemu Tracer
May 26, 2022

Cannoli: The Fast Qemu Tracer

Cannoli Cannoli is a high-performance tracing engine for qemu-user. It can record a trace of both PCs executed as well as memory operations. It consists of a small patch to QEMU to expose locations to inject some code directly into the JIT, a shared library which is loaded into QEMU

Brandon Falk
By Brandon Falk
The Chinese Private Sector Cyber Landscape
Apr 25, 2022

The Chinese Private Sector Cyber Landscape

As China's "decade-long quest to become a superpower" comes to fruition, the PRC has increasingly moved to eliminate barriers between its civilian-commercial industries and the State.

Margin Research
By Margin Research
Watching the Watchers
Apr 5, 2022

Watching the Watchers

Much of our world relies on open source projects. The Linux kernel is arguably the crowning achievement of the open source movement, the foundation of Google’s Android and NASA’s satellite software. But five of the top ten bug reporters are automated systems.

Winnona Bernsen
By Winnona Bernsen
Ian Roos
By Ian Roos
MikroTik Authentication Revealed
Feb 10, 2022

MikroTik Authentication Revealed

A deep-dive into MikroTik's hand-rolled Elliptic Curve Secure Remote Protocol (EC-SRP) cryptography used in client-server authentication

Ian Dupont
By Ian Dupont
Joe Lothan
By Joe Lothan
Hardware Hacking for Software Hackers
Jan 27, 2022

Hardware Hacking for Software Hackers

Introduction Hello! This resource is meant for anyone with some *nix/software/exploit dev. experience, but with little to no hardware/electronics background! While the ins and outs of basic circuits won't be covered (as there are many great resources for that online), the information is meant to

John Gorbachev
By John Gorbachev
Remote Android Debugging
Jan 14, 2022

Remote Android Debugging

Covid just made GDB obsolete, long live Frida! Imagine a world where you don’t have to press 500 keys just to get to the same state as you were in the last run and where you actually can introspect the runtime. Frida offers a somewhat clean way to debug

Martin Wennberg
By Martin Wennberg
An opinionated guide on how to reverse engineer software, part 1
Nov 2, 2021

An opinionated guide on how to reverse engineer software, part 1

This is an opinionated guide. After 12 years of reverse engineering professionally, I have developed strong beliefs on how to get good at RE.

Ryan Stortz
By Ryan Stortz
Bypassing glibc Safe-Linking: CSAW 2021 Quals (word_games)
Sep 15, 2021

Bypassing glibc Safe-Linking: CSAW 2021 Quals (word_games)

This post analyzes glibc-2.32+'s safe-linking feature introduced in December 2020 in the context of a CTF challenge developed for New York University's CSAW 2021 Quals competition

Ian Dupont
By Ian Dupont
Previous
Page 3 of 4
Next
arrow-up icon