Blog Posts

Spot the Vuln Shirt (Solutions)

Unfortunately, we will not be directly selling these shirts, but I have another post tutorial on how to reproduce the shirt if you want to put in the bit of extra work to get one. Regex (bug-bounty style vulnerability) We've covered this vulnerability multiple times on the podcast and it was our Spot the Vuln on Episode 152 (written in Golang). The  regex in allow. It looks normal, and if you test it in the obvious ways it seems to work. passes, fails. Because

Spot the Vuln Shirt (DIY)

Unfortunately, we will NOT be selling the "Spot the Vuln" shirts we mentioned on the podcast. Its just due to some tax things I don't have the time to deal with right now, maybe next year. If you're willing to put in some effort though what follows is basically a tutorial on recreating the shirt within Printify so you can order it from a producer yourself. Printify is kind-of a drop-shipping system for custom clothing. You can create a product that will be fulfilled by some producer. You can

Reversing the AMD Secure Processor (PSP) - Part 2: Cryptographic Co-Processor (CCP)

Part one: This is a follow-up part 2 to my previous post on the AMD Secure Processor (formerly known as the Platform Security Processor or "PSP"). In that post, I mentioned that the Cryptographic Co-Processor (CCP) is an essential component of how the PSP functions. It's primarily responsible for hardware-accelerated cryptography, but it's also used as a Direct Memory Access (DMA) copy engine for doing mass copy

Reversing the AMD Secure Processor (PSP) - Part 1: Design and Overview

AMD's Secure Processor (formerly known as Platform Security Processor or "PSP") is a very interesting piece of technology that is critical to the operation of all modern-day AMD CPUs. There's also very little public information about it and because of that, it's commonly misunderstood and fantasized about. Not only is it at the top of the chain of trust, but it's also responsible for initializing the CPU and facilitating attestation (TPM), hardware-accelerated crypto, and Secure Encrypted Virtua

200 Episodes of Dayzerosec

A look back at some statistics from our first 200 episodes of the dayzerosec podcast.

From CTFs to Real-Exploitation (Part 3)

Final part of our series on going from the foundations of exploitation development to real-world exploitation. Focusing on the critical skill of discovering and developing your own exploitation strategies in large applications.

Getting Started with Exploit Development

tl;dr The rest of this goes into detail about what topics matter and why from each resource, but if you want to cut to the chase and ignore that... * Prerequisites * C programming language * x86 Assembly (32bit and 64bit) * Linux terminal usage * Exploit Education - Nebula - Start thinking like an attacker and learning to do research * Open Security Training - Introduction to Software Exploitation - Fundamentals of memory corruption * Pwn College - (Added July 2022) An alt

Adventures of porting MUSL to PS4

Over the last year or so, I've been working with the OpenOrbis team to develop a toolchain for building homebrew for the PS4, and one of the challenges we faced was porting a proper libc to the console. This article dives into some of the interesting lessons learned while porting MUSL to the PS4.