Blog Category: technology

Cannoli: The Fast QEMU Tracer

Cannoli is a high-performance tracing engine for qemu-user. It can record a trace of both the PCs executed and memory operations. It consists of a small patch to QEMU to expose locations to inject some code directly into the JIT, a shared library which is loaded into QEMU to decide what and how to instrument, and a final library which consumes the stream produced by QEMU in another process, where analysis can be done on the trace. … Read More 

The Chinese Private Sector Cyber Landscape

As China's "decade-long quest to become a superpower" comes to fruition, the PRC has increasingly moved to eliminate barriers between its civilian-commercial industries and the State. Companies within the technology industries, particularly domestic cybersecurity enterprises, increasingly stand at the forefront of their fields, offering insight and services that are not only unparalleled in their scope, but that also represent a tremendous potential resource for China's government and military. For those interested in the development of China's political and military strategy, understanding China's domestic cybersecurity ecosystem is critical. … Read More 

Watching the Watchers

Analyzing corporate automated bug reporters in the Linux Kernel … Read More 

MikroTik Authentication Revealed

MikroTik altered its router authentication protocol in 2019, a change which frustrated developers, system admins, and researchers whose customized tooling is now broken. Our team at Margin Research successfully reverse engineered the new process, and we are excited to share protocol details. This blog post outlines the cryptographic steps and offers proof of concept programs to demonstrate the new protocol. … Read More 

Remote Android Debugging

Remote Android debugging across the planet using Frida. … Read More 

An opinionated guide on how to reverse engineer software, part 1

Reverse engineering is just one step on the road to some final goal, which could be to reimplement someone’s algorithm, interoperate with a new system or application, look for software vulnerabilities you can exploit, make game cheats, or revive old dead software to run on new systems. This is the first post in a series meant to help improve your static reverse engineering skills. … Read More 

WINTERN 2020: Zombie Link Crawler

In this post, our intern Justin Mai documents his process of creating a scraper to find dead or "zombie" links. These are links where the domain has expired and is able to be registered, potentially by an adversary to bring their unsuspecting victims to malicious sites. … Read More 

WINTERN 2020: IoT Firmware Analysis

Read More 

A Retrospective on Modern Information Operations

In 2019, Margin Research gave a presentation at SummerCon in which we explored threats relating to social media astroturfing with the intent of conducting disinformation campaigns. We reviewed known attacks and presented our framework for studying disinformation campaigns. Since then, this field has developed considerably alongside our investigations into novel attack surfaces introduced by manipulating the social dynamic in digital spaces. … Read More 

The Risks of Huawei Risk Mitigation

While there is widespread agreement that Huawei devices in 5G infrastructure pose some risk to the U.S. and allied nations, the policy community—in particular the U.K.’s National Cyber Security Centre—has paid insufficient attention to the technical aspects. The discussion must examine not simply whether China would use this technology maliciously, but the specific threats that Huawei equipment could pose and the extent to which these threats can be mitigated. … Read More