2024  1

May  

Abusing Go’s infrastructure

2023  1

October  

Attacking the heart of an OpenRG modem

2021  3

December  

Knock Knock! Who’s There? - An NSA VM

July  

How to build a custom and distributable lldb

March  

How to use GitHub Actions and private repositories to deploy a Hugo static site

2020  5

September  

The Finfisher Tales, Chapter 1: The dropper

Is macOS under the biggest malware attack ever?

July  

Blog Update

March  

FruitFly’s dropper script and its missing tricks

February  

Why I Left Twitter

2019  2

November  

How to make LLDB a real debugger

October  

Crafting an EFI Emulator and Interactive Debugger

2018  4

October  

Keygenning Carbon Copy Cloner Keychain Password

Reversing and Keygenning qwertyoruiop’s Crackme

January  

lldbinit - Improving LLDB

Measuring OS X Meltdown Patches Performance

2017  5

November  

Exploiting CVE-2017-5123

July  

How to compile AFL’s LLVM mode in OS X

June  

Blog migration to Hugo

Armory Sandbox – Building a USB analyzer with USB armory

EFI Swiss Knife – An IDA plugin to improve (U)EFI reversing

2016  5

July  

Shut up snitch! – reverse engineering and exploiting a critical Little Snitch vulnerability

June  

Apple EFI firmware passwords and the SCBO myth

April  

SyScan360 Singapore 2016 slides and exploit code

February  

The Italian morons are back! What are they up to this time?

January  

Reversing Apple’s syslogd bug

2015  12

November  

Gatekeerper – A kernel extension to mitigate Gatekeeper bypasses

London and Asia EFI monsters tour!

October  

Rootfool – a small tool to dynamically disable and enable SIP in El Capitan

August  

Writing Bad @$$ Lamware for OS X

July  

BSides Lisbon and SECUINSIDE 2015 presentations

Reversing Prince Harming’s kiss of death

May  

The Empire Strikes Back Apple – how your Mac firmware security is completely broken

April  

How to fix rootpipe in Mavericks and call Apple’s bullshit bluff about rootpipe fixes

How to bypass Google’s Santa LOCKDOWN mode

March  

BadXNU, a rotten apple! – CodeBlue 2014, SyScan 2015 slides and source code

January  

https is now (finally) supported!

Happy New Year!

2014  13

October  

Patching what Apple doesn’t want to or how to make your “old” OS X versions a bit safer

Can I SUID: a TrustedBSD policy module to control suid binaries execution

September  

The double free mach port bug: The short story of a dead 0day

June  

Shakacon #6 presentation: Fuck you Hacking Team, From Portugal with Love.

May  

About the processor_set_tasks() access to kernel memory vulnerability

April  

Revisiting Mac OS X Kernel Rootkits Phrack article is finally out!

Rex vs The Romans – Anti Hacking Team Kernel Extension

March  

Teaching Rex another TrustedBSD trick to hide from Volatility

February  

Don’t die GDB, we love you: kgmacros ported to Mavericks.

Analysis of CoinThief/A “dropper”

AppleDoesntGiveAFuckAboutSecurity iTunes Evil Plugin Proof of Concept

Updated version of Onyx The Black Cat

Linux/HackingTeamRDorks.A, a “new” and improved version of Linux/CDorked.A

2013  17

November  

Breaking OS X signed kernel extensions with a NOP

One small patch for GDB, one giant leap for reversers!

September  

Why ESET’s OS X Rootkit Detector is useless…

SyScan360 Beijing slides

July  

HiTCON 2013 slides

June  

Gone in 59 seconds: tips and tricks to bypass AppMinder’s Jailbreak detection

Another gift: Crackme #1 source code from hell!

May  

Clapzok.A: reversing the OS X part of a multiplatform PoC infector

Gimmedebugah: how to embedded a Info.plist into arbitrary binaries

The “all” new Onyx The Black Cat!

NoSuchCon #1 debrief and slides

Hydra, the sample util I am unable to describe!

There is an error in my SyScan slides!

SyScan13: Revisiting Mac OS X Rootkits presentation

March  

How to compile GDB in Mountain Lion (updated)

OS.X/Boubou – Mach-O infector PoC source code

February  

Ice the Guardian v2, the OS X anti-lamware

2012  31

December  

Happy new year, 2013 edition!

A quick review of Mac OS X and iOS Internals – To the Apple’s Core

November  

Otool-ng – a set of small patches to Apple’s otool

Kextstat_ASLR util or how to start hiding your kernel rootkit in Mountain Lion

October  

5 years of reverse.put.as

September  

My first Hackintosh

OS X Malware at Confraria de Segurança da Informação presentation slides

August  

Tales from Crisis, Chapter 4: A ghost in the network

Tales from Crisis, Chapter 3: The Italian Rootkit Job

Tales from Crisis, Chapter 2: Backdoor’s first steps

Tales from Crisis, Chapter 1: The dropper’s box of tricks

July  

ExtractMachO: an IDA plugin to extract Mach-O binaries from disassembly

HITCON 2012 Review and slides

Secuinside 2012 Review and Slides

June  

See you in Asia!

“Sandwich” CrackMe tutorial by qwertyoruiop

April  

A little social and economics experiment

How to compile GDB for iOS!

gdbinit v8.0: simultaneous support for x86/x86_64 and ARM architectures!

March  

Dynamic Code Encryption in OS X: the crackme example!

February  

A small improvement to OS X “rootkitery”: bruteforcing sysent discovery, fast & easy!

AV-monster: the monster that loves yummy OS X anti-virus software

Obfuscation #2: Playing entrypoint hide & seek game with dyld

A little more fun with Mach-O headers: adding and spoofing a constructor

Anti-disassembly & obfuscation #1: Apple doesn’t follow their own Mach-O specifications?

January  

Anti-debug trick #1: Abusing Mach-O to crash GDB

We have a crackme winner!!!

My first crackme… from hell, I hope :-)

A Mac OS X port of Phrack’s CheckIDT util by kad, or another way to retrieve sysent address

gdbinit v7.4.4 – the skip command

Some comments about plugin-alliance.com protection…

2011  38

December  

Merry Christmas, Happy New Year and some notes…

November  

Evil iTunes Plugins from Hell

gdbinit v7.4.3

Display Mach-O headers plugin for IDA

October  

How to create IDA C/C++ plugins with Xcode

Using OS X TrustedBSD framework to protect critical files

Poking around Sentinel HASP Envelope for Mac OS X :-)

A small rant about dongles: the developer who can’t correctly implement a HASP!

September  

Fixes for the TrustedBSD backdoor – Rex the wonder dog v0.2

Abusing OS X TrustedBSD framework to install r00t backdoors…

4th anniversary…

Apple Sandbox Guide v1.0

Apple’s Sandbox Guide v0.1 – early draft release

August  

Using Apple’s sandbox feature for reversing purposes

Removing iTunes 10.4 m3u processing feature with a small loader

Another patch for Apple’s GDB: the define/commands problem

How GDB disables ASLR in Mac OS X Lion

gdbinit v7.4.2, Github and Twitter

June  

gdbinit v7.4

Added a new page, Papers & Presentations

May  

A little vulnerability in The Heist iOS game or how to get (more) free Steam codes for Eets game!

How to remove iPad/iPhone/iPod Touch encrypted backups password if you forgot it

April  

An interview with CrackZ and (incomplete) source code to Contract Killer “trainer”

Newsflash: How to fuck up 40 million USD – The New York Times paywall and its iPad app

March  

Hacking a freemium iOS app: Contract Killer … or unlimited play without spending a dime (or any other currency)

Small update to gdbinit and to the website

February  

Update to GDB patches – fix for a “new” bug

There’s a new protection in town, Software Passport, from the developers of Armadillo :-)

It’s not my war but…

Universe’s best and legal Mac OS X reversing tutorial for newbies (or maybe not!)

Another update to gdbinit for iOS and ARM support to ptool.pl and offset.pl

January  

Need help with code signing in iOS!

gdbinit v0.1 for iOS (iPad at least :-))

How to make an iPad connect thru a ssh SOCKS proxy + iOS “spyware”

Why cracking the vast majority of Mac apps isn’t that sexy…

Reversing the exit(173) from the Mac App Store

The sad state of reverse engineering software/hardware protections

The Mac App Store… Security broken by design?

2010  11

November  

A semi-automated way to find sysent

October  

A new GDB frontend and some pics from the past

August  

GDB anti-debug, Otool/otx anti-disassembly… It’s Challenge number 3 !!!

How to Keygen MSJ Kracking Challenge ’10 – Challenge #1

June  

Very small update…

May  

Onyx the Black Cat v0.4 for Snow Leopard

OS X Crackmes

April  

gdbinit v7.3

reverse.put.as is back in a new format…

January  

Brief analysis of the VLOK protection

A new util to process Mach-O binaries information (or a replacement to otool -l)

2009  28

December  

Happy new year and a small christmas gift!

October  

Snow Leopard impact into reverse engineering world…

Small gdbinit update…

August  

GDB patches

Anatomy of a GDB anti-debug trick part II: GDB isn’t alone!

Reversing Pokerstars online poker client (I hope they aren’t from Vegas !!!)

Anatomy of a GDB anti-debug trick

Fix for Apple’s GDB bug or why Apple forks are bad…

Workaround for Apple’s GDB bug…

gdbinit 7.1.7 and some bla bla bla…

July  

A little disassembler for MPress packer…

How to dump a MPress packed binary…

A memory dumper for Apple crypted binaries! Hurray !!!

June  

How to dump an Apple protected binary

May  

“Removing” Apple code signing from a binary…

April  

Cracking a Mac OS X Screensaver

A bunch of old tutorials…

March  

Defeating Little Snitch and thinking about piracy…

Onyx The Black Cat v0.3

Mach-O binary offset calculator

Why is kernel debugging fun?

Mac OS X Kernel debugging with VMware

February  

Serial phishing tutorial !!! It’s hot hot hot ;)

World’s best Mac OS X reversing tutorial for newbies (or maybe not!)

January  

iWork/Photoshop Trojan or Botnet Binary found

Gdbinit v7.1.6

How to compile GDB and other Apple open source packages in Mac OS X

Mailing list and IRC channel

2008  20

December  

More gdbinit addons!

A lazy xmas gift or a lazy addon to gdbinit

November  

Apple’s GDB Bug?

What’s wrong in this picture?

gdbinit version 7.0 (and 7.1)

Onyx The Black Cat v0.2

Extended attributes in Mac OS X and Remote Buddy

October  

Onyx The Black Cat v0.1 – Anti Anti-debug kernel module

The IDA Pro Book: The Unofficial Guide to the World’s Most Popular Disassembler

September  

“Hacker” Challenge

PTHPasteboard 4.4.0! Generic Mac OS X protector is found?

News…

August  

Little Snitch continued or the broken nib files!

Kernel module for syscall interception and fixing ptrace

Mac OS X Age of Empires III 1.0.4 NO CD patch

July  

Mac OS X Code injection

June  

More Mac OS X anti-debugging

How to bypass a protection with a single byte

March  

Reversing You Control Desktops v1.2

February  

How to change /etc/hosts

2007  3

December  

Change network card MAC address

October  

GDB input radix option

Must have tools