Grant H

1.2K posts

@Digital_Cold

Mobile security researcher. Previously @Qualcomm product security. @UF Ph.D, @UCF B.S. Opinions my own https://t.co/VKTGUksQFd 🦋: @digitalcold

NoVA Joined October 2012
2.2K Following, 2.5K Followers
Pinned Tweet
Grant H@Digital_Cold·
I finally took the time to distill my key research projects on my website with diagrams and artifact links. I'm really proud to have led and worked on so many exciting and challenging projects across the firmware, systems, and mobile security spaces. hernan.de/research/
Grant H@Digital_Cold·
Not even half way through March this guy declares manual CTFing dead because he got 1st place for 2026 on CTFTime through volume 😂 Here's the CTFs he's played in this year: ctftime.org/team/248318 CTFTime scoring model and voting system has as long as I can remember been very subjective (i.e. broken). This is giving "XBOW is the best hacker on HackerOne" energy. But lest I be accused of "cope" yeah I agree A.I. has permanently altered the meta and there's no going back. I'm out of the game these days but I have nostalgia for my active seasons of playing, challenge writing, and hosting CTFs before the "A1"
Krauq@ykrauq

CTF is cooked blog.krauq.com/post/ctf-is-dy…

Grant H@Digital_Cold·
Pretty interesting SIP SDP vulnerability that uses a stack clash as the trigger. SIP headers are tricky to get right which makes this PoC cool. What's most interesting to me is that you can just execute shellcode after corrupting a function pointer. I have not done VR for UNISOC so this comes as a surprise to me given other modem vendors have worked to eliminate RWX sections (not always successfully I might add). The next question I have is would this payload even survive transiting various carrier networks, each of which may have their own weird IMS infrastructure configurations
SSD Secure Disclosure@SecuriTeam_SSD

🚨 New advisory was just published! A critical vulnerability in UNISOC modem firmware allows one User Equipment (UE) to remotely attack another over the cellular network. By sending specially crafted malformed SDP within SIP signaling messages, an attacker can trigger memory corruption in the target modem, potentially leading to remote execution of arbitrary native code on the victim device: ssd-disclosure.com/unisoc-t612-rc…

Grant H@Digital_Cold·
Whoa, librasn is a Rust ASN.1 parsing library that has a non-trivial compiler and supports multiple codec types (including UPER/PER!). I wonder how it would do with 3GPP RRC parsing
Zion Leonahenahe Basque@mahal0z·
UPDATE: our work won a best paper award 🏆 @NDSSSymposium! Check out our work on establishing the first measurements for understanding how LLMs are changing reverse engineering. Shout out to the whole team from @SCAI_ASU, @EURECOM, and @UniPadova
Zion Leonahenahe Basque@mahal0z

Do LLMs actually help hackers reverse engineer and understand the software they want to exploit? We ran the first fine-grained human study of LLMs + reverse engineering. To appear at NDSS 2026. Interested? Some quick findings in 🧵👇 Paper: zionbasque.com/files/papers/d…

Grant H@Digital_Cold·
@daveaitel Nice! I may have missed it but what disassemblers / decompilers are used for analysis?
Grant H@Digital_Cold·
@ElectronicsbyJH The fonts and 3D cover are truly a product of the 90s
Jeremy KD8TUO 🇺🇸⏦⎓⎎⎍⏚
HDL Chip Design by Douglas J. Smith. If I recall correctly, I got this book after hearing about it through Jeri Ellsworth. What I’ve really found useful are the side-by-side VHDL and Verilog examples.
Grant H@Digital_Cold·
My money is on this being a DSP firmware limitation. These get boot time memory carveouts sooo maybe a fixed size buffer of client refs which also limits heap fragmentation. A DSP client can load a beefy ELF into the remote, so if the carveout is fixed, they'd have to limit it. But damn, 10 clients? What year is it?
Grant H@Digital_Cold·
@stevelauda_ Any chance you'd be willing to share a few more?
Steve Lauda@stevelauda_·
Sometimes most of my interface imagination looks like this in my head, shows up vividly. Probably because I've collected more than 10,000 artifacts around this style. Credit goes to all the respectful owner of all of this beauty.
Grant H@Digital_Cold·
@jshguo I remade this in TiXL for a quick test. Blend mode is additive and it gives a similar effect. Left has no gamma correction and right is tone mapped
Grant H@Digital_Cold·
@jshguo What color space is this? Wondering if the values are being clamped to 255 or if they could be HDR tone mapped
Joshua Guo@jshguo·
Color Dodge always gives me such a cool effect.
Grant H@Digital_Cold·
I really recommend giving it another shot! I found season one and two to be hard, due to pacing and having to watch Elliot's mental illness progress, but it's all building up to the later seasons which are some of my favorite TV ever. The accurate hacking drew me in but the filmic elements are what I personally remember the most years after watching. The dystopian cyberpunk world building as a constant backdrop to the foreground story really feels even more relevant today than it did when the show came out. This does make it less of an escape than other content but I think it's worth it.
Grant H@Digital_Cold·
The chip I've chosen for prototyping is the CC2340R5, which supports multiple RF protocols including Bluetooth LE. It's got a Cortex-M series and has a standby mode power draw of around 300 nA. Since I plan on using a CR2032 to power my design, this will be most welcome
Grant H@Digital_Cold·
I've been suffering under the Texas Instruments Code Composer Studio thumb and I'm about to give up and use Zephyr. zephyrproject.org I remembered CCS being bad but man the Linux support is really bad. Give me VSCode and make...
Grant H@Digital_Cold·
Finally getting back to hardware after an extended period. I'm going to be prototyping a Bluetooth LE peripheral paired with an Android/iOS app. Hopefully will lead to a PCB design and some 3D printing.
Grant H@Digital_Cold·
Once again, my bacon is saved by debootstrap + schroot. Really powerful combination to get the benefits of arbitrary Ubuntu / Debian releases without resorting to Docker fiddling or virtual machines (just plain old chroot). I'm a bit behind on LTS releases on my host machine...
Grant H@Digital_Cold·
This plus US telcos are already hosed from Salt Typhoon. Misses the forest for the trees, but at least it's something despite the political framing. I wonder if stuff like this will eventually lead to telcos being forced to require identity documents for purchasing SIMs...
Robert Graham@robertgraham·
This story is nonsense. It's just normal criminal enterprise for sending SMS spam and anonymous messages. Somebody used this service to send SMS threats to some politicians, so the Secret Service traced it back here. They are describing it as some special political threat ("35 mile radius from the UN") when it's just perfectly normal criminal enterprise. We know it's a crap story because of the way the New York Times story on this cites anonymous sources in the administration, and then James A. Lewis to confirm it. This guy, formerly of the CSIS think tank, is the one the NYTimes regularly trots out to confirm cybersecurity claims by anonymous government officials. It's just normal crime folks, there's absolutely none of the threats here that they claim.
U.S. Secret Service@SecretService

The Secret Service dismantled a network of more than 300 SIM servers and 100,000 SIM cards in the New York-area that were capable of crippling telecom systems and carrying out anonymous telephonic attacks, disrupting the threat before world leaders arrived for the UN General Assembly. 📰 Read more about this at secretservice.gov/newsroom/relea…

Grant H@Digital_Cold·
How can you trust an LLM to dutifully perform these kinds of "spam vs ham" tasks when given the same inputs it will give probabilistically distributed outputs? Well thankfully this excellent first blog post from a mysterious new company (?) assuages some of my concerns. thinkingmachines.ai/blog/defeating…
Grant H@Digital_Cold·
I've been thinking about how LLMs (bear with me) are being employed in more and more security focused applications but I wasn't able to reconcile their non-determinism during inference (for example, identifying if an NPM package is malicious).