Profile avatar
remyhax.bsky.social
Dad, Vulnerability Research, Packet connoisseur. He/Him. Cyber Security Architect @greynoise.bsky.social , DM's open. Top percentage Rattata. #cve #infosec #cybersecurity https://remyhax.xyz/
92 posts 1,241 followers 741 following
Prolific Poster
Conversation Starter
Posts 31 Comments 18

Black Hat have published my original CFP submission for "Listen to the Whispers: Web Timing Attacks that Actually Work". I put a lot of effort into this CFP to avoid being discarded as 'yet another timing talk' - you can find it in full here: i.blackhat.com/BH-US-24/cfp...

submitted 2 days ago β€’ 0 comments

AUSA Hagan Scotten, former clerk for John Roberts, really put some mustard on his resignation letter.

submitted 13 days ago β€’ 852 comments

if anyone happens to have a spare districtcon ticket, I'd love to buy it off you!

submitted 18 days ago β€’ 0 comments

🌈πŸ₯‚πŸ’•πŸ’πŸ’

submitted 22 days ago β€’ 1 comment

Your LLMs were backdoored years ago. remyhax.xyz/posts/plagai...

submitted 22 days ago β€’ 0 comments

Usually I talk about cybersecurity, but my work feels kind of pointless while the US government is doing more damage to its own security than any of its adversaries, so I'm just getting wrecked and playing video games instead.

submitted 23 days ago β€’ 50 comments

OpenAI shocked and appalled that an AI company would steal intellectual property www.404media.co/openai-furio...

submitted 29 days ago β€’ 127 comments

weak.Pointer (Go 1.24+), runtime.AddCleanup (Go 1.24+), and sync.Map combine wonderfully into a 20-lines weak map. #golang It associates values to keys, with automatic garbage collection once the key becomes unreachable. Using it to tie precomputed FIPS keys to PrivateKey values we can't modify.

submitted 35 days ago β€’ 11 comments

I'll be speaking at @districtcon.bsky.social ! We're gonna build custom Bluetooth hardware for $100 (no soldering required), learn well-informed shortcuts for remote identification, oblique strategies for exploitation, and pop some shells. Wanna learn why DoS is dangerous again? Come join!

submitted 36 days ago β€’ 2 comments

Will start a running thread of the first day official proclamations and EOs; just links to the actual texts. If you want to tune it out feel free to mute the thread >

submitted 37 days ago β€’ 104 comments

On January 19, 2025, ByteDance shut down access to TikTok and other owned/operated apps for US users, causing an 85% traffic plunge and a rapid shift to alternatives like RedNote. Here's what we observed: blog.cloudflare.com/tiktok-ban-t...

submitted 39 days ago β€’ 0 comments

Portrait of the Hilbert curve corte.si/posts/code/h...

submitted 39 days ago β€’ 0 comments

Here's a thing I made last year. It's a 16 step sequencer that throws Windows error sounds

submitted 41 days ago β€’ 4 comments

The Meta AI lawsuit where they pirated massive amounts of academic papers using LibGen etc… is hilarious because those PDF’s are massively watermarked for 10 years now with embedded encodings and zero-width spaces. Congrats on breaking the law and invisibly poisoning your model

submitted 40 days ago β€’ 1 comment

it's soup you can suck on www.generalmills.com/news/press-r...

submitted 42 days ago β€’ 151 comments

Worst Fit by @orange.tw. Nasty stuff. blog.orange.tw/posts/2025-0...

submitted 45 days ago β€’ 0 comments

How do you fix a broken Bluetooth connection? You re-pair it.

submitted 46 days ago β€’ 2 comments

mitmproxy 11.1 is out! πŸ₯³ We now support *Local Capture Mode* on Windows, macOS, and - new - Linux! This allows users to intercept local applications even if they don't have proxy settings. More details are at mitmproxy.org/posts/local-.... Super proud of this team effort. πŸ˜ƒ

submitted 46 days ago β€’ 2 comments

Just starting to scan #IPv6 at application layer and already found a compromised device running a #MeshCentral #C2 #Panel

submitted 46 days ago β€’ 0 comments

I got a Numworks calculator and I don't like that you have to log into their website to modify the scripts on the device so I created a python script to do that. I have only tested this with the N0120 running 23.2.5 firmware. STM32 under the hood, uses DFU for transfer. github.com/noctonic/nmwks

submitted 47 days ago β€’ 0 comments

We broke something: in a recent pentest on a hardened target, we were able to achieve unauthenticated Remote Code Execution (RCE) via Server-Side Template Injection (SSTI) in a Spring Boot application We wrote it down for you to try at home: modzero.com/en/blog/spri...

submitted 48 days ago β€’ 1 comment

check out this tool for easy Linux kernel building and debugging - easylkb made by me and @vacci.ne :) writeup: tmpout.sh/3/20.html repo: github.com/deepseagirl/...

submitted 47 days ago β€’ 2 comments

New blog post. This time about being as accurate as possible to loading and injecting an executable image without touching disk. tl;dr use transactions and NtCreateSection/NtMapViewOfSection. amethyst.systems/blog/posts/m... Enjoy! #infosec #malware

submitted 49 days ago β€’ 0 comments

According to Giraffe Security, AWS staff have somehow managed to re-introduce the same RCE vulnerability into its platform three times over the past four years giraffesecurity.dev/posts/amazon...

submitted 49 days ago β€’ 3 comments

Eating ice cream but all I have are these stupid chopsticks this is bullshit

submitted 51 days ago β€’ 7 comments

Wow @propublica.org is really killing it these days. By far some of the best reporting happening today.

submitted 51 days ago β€’ 4 comments

It is both ethical and moral to reverse engineer everything you own, and you should.

submitted 52 days ago β€’ 0 comments

sometimes, late at night, when it's dark and my wife is asleep, I like to indulge my deepest desires and google the twimst cat

submitted 52 days ago β€’ 17 comments

I was having a hard time emulating an Atheros based router due to different MMIO regions. Well, after trying a bunch of different ideas, I'm currently able to use the actual device to record MMIO transactions via my custom virtual qemu board. MITM on MMIO works beautifully πŸ–€

submitted 53 days ago β€’ 3 comments

I *really* wish Wireshark had tabs, I've got like 5 Wireshark windows open and it's a mess :v

submitted 53 days ago β€’ 2 comments

It’s a long shot, but I’m looking for a ticket to ShmooCon. Please reach out if you or someone you know has one available, I’d be delighted to buy it for cost

submitted 53 days ago β€’ 2 comments