Blog posts
Coredumps of my thoughts for making debugging a little less painful.
Taming Rust With C - Cracking Caido Cli
Caido-cli is a proxy like BurpSuite, but written in Rust. Your dear borrow checker won't stop a well-aimed linker script, though. Let's make it free (as in freedom) again with C.
Rooting Android Without Magisk or KernelSU
For the special one-off situations when you can't use Magisk or KernelSU, or if you really don't want to use existing root solutions, you can get root with a backdoored kernel image.
Hacking on the Jiophone - From getting a root shell to running Doom
A few days ago, I found an old Jiophone. At first, it appeared to be a simple, locked-down KaiOS device. But after a day of tinkering around with it, I found myself running Doom on it.
Jails, Not Containers: A CTFer’s PWN Environment with Nix and Bwrap
My story of migrating from Docker containers to a more hacky bwrap-and-Nix-based jail for isolated, low-friction, reproducible security research environments.
Patching ELFs with Assembly C, or abusing the linker for fun and profit
Using a little bit of linker script magic and C to patch binaries the toolchain-intended way, instead of manually patching assembly instructions like a madman.