Latest Articles
Can Depix deobfuscate your data?
The censored text cracking tool By Caleb Herbert In this post, Caleb explores Depix and its potential to recover sensitive text from reports that were redacted by the original authors. You can use our guidance to enter the challenge and test your GPU’s mettle against the gauntlet we’ve thrown down! 1. What is Depix and how is it used?When sensitive information is about to be displayed to a reader, an author may blur the sensitive text so it can no longer be recognised. Blurring is intended to be used to redact text FOREVER… but I think that isn’t true anymore. We have some tooling that can unblur that text, and uncover quite interesting things that the original authors would have rather we didn’t know.
August 3, 2021,dray
Car Hacking - Manual Bypass of Modern Rolling Code Implementations
IntroductionI recently researched modern algorithms used by keyfobs to open cars. Since most of the blogs online talking about the topic are unfortunately quite old and in general and do not precisely describe the exact path followed in detail, nor the code used. I thought that talking about my experience could be interesting and inspiring for other researchers. I won’t go in depth on certain topics and I will assume that the reader has a general background in basic signals theory and is comfortable with terms like radio frequencies, gain, filters…
July 22, 2021,0x5c4r3
Obfuscating C2 During a Red Team Engagement
By shd Red Team and Magicians… 1.What is Command and ControlCommand-and-Control (C2) infrastructure is one the most important tools in a red teamer’s arsenal. In this article, we introduce a few simple methods that red teams use to harden their C2 infrastructure. C2 comes in various forms - but regardless they all share a basic function: they allow the red teamer (or threat actor) to communicate with a compromised machine. During an offensive campaign, testers may accumulate a number of compromised machines but it can be difficult and overwhelming to maintain, orchestrate, and control them in large numbers. On top of this to guarantee the campaign’s longevity, malicious communications back and forth to the compromised machine must be secure, obfuscated, and reliable, adding a further layer of complexity.
July 16, 2021,Donna