Thank you!! We had a lot of fun!.

Uhhh I'm a little late posting this on Twitter but I made a comprehensive writeup for how we (BYU) exploited a memcmp() side channel for eCTF 2025 to get flags 🚩

Join millions who have switched to Grok.

Finally decided to finish a project that's been in the works for a while, I wrote some pretty in-depth (but unofficial) documentation for Python pickles -

Thank you to everyone who came to our @IoTvillage #defcon32 talk! We spoke about finding 0days in Vilo Home Routers, and have published our research and slides on GitHub

If you're going to be at DEFCON this year, come to Creator Stage 2 on Sunday at 12:30 for our talk on how we discovered 9x 0days in Vilo Home Routers!

pickledbg has been updated so it's now installable as a Python module. Note that pip install pickledbg will also make it runnable on the cmdline

Happy to announce I will be speaking at @IoTvillage for @defcon 32 with 2 of my schoolmates!! We will be speaking about how we discovered the first 0days for Vilo Home Routers!

Here's a writeup for the challenge Everlasting_Message, a reverse engineering challenge from @CODEGATE_KR 2024 Quals:

RT @h0mbre_: my biggest fear is posting something like “very interesting bug i found that results in a very tight race condition, unfortuna….

Just realized that I recently passed my 100th CTF that I've either played in or hosted!! I started in 2020, so it's been about 3.5 years total. Hats off to another hundred!.

Played in @SAINTCON's Hackers Challenge this past week and placed 1st, getting the black badge!! I ended solving all the challenges and loved every minute of it. Great job by an awesome staff who keep it relevant and exciting every year!

After doing some pickle CTF problems, I decided to make a Pickle Debugger tool (called pickledbg), and after using it in Seccon, I'm releasing it to the public. More stuff will come later but here's the finished product -

After encountering a bug in HITB Secconf CTF, I did some research into Flask's request.authorization object and how Authorization headers are parsed according to changes introduced in Flask 2.3. Read about that & interesting edge cases here

Published the source code and writeups for 3 challenges I made for the @RedTeamVillage_ CTF at DEFCON 31, the Home Network series. Check it out here -->

Finally got the CVEs reserved for my last 2 GL.iNET vulnerabilities, CVE-2023-33620 and CVE-2023-33621! Just requested for them to be published.

this ctf smh

I still haven't finished looking through all the endpoints or the new 4.x firmware version, so expect some more findings from me in the next couple of months!.

Last, I copied all the files from 3 separate versions of the filesystem to a GitHub repo to make it easier for other researchers to search for vulns. AAAAND I created a cool Python script that can be used to scan your own GL.iNET device (.

The last 2 CVEs are the same default HTTPS certificate across ALL routers (enabled MITM), and the Admin Token was passed through a GET parameter ( . CVEs have been requested on these 2 but I haven't heard back yet.

I also found a buffer overflow vulnerability in one of their library functions, guci2_get() (.