I released a new tool today on the Red Crow Labs github ( https://github.com/redcrowlab/rcFileScan ) . This tool scans and parses ELF binaries and provides basic information about them, including certain types of basic vulnerabilities. Some examples include: * Security compile time options such as ASLR, DEP, NX, etc. * Reads

For some of you this may be elementary, but it wasn't for me. I'm working on a tool that parses and scans ELF binaries, which I am going to release soon, and to test it I made a C program with the various things it scans for. One of those

I see a lot of discussion around new people breaking into cyber-security. I thought it might be helpful to outline how I did it. It may not all apply still, but at least some of it does. 1.) Take a job in IT, any job. Help desk, sysadmin, network eng.

I'm a fan of some of Ray Dalio's thought processes from his Principles, to his concept of building "machines" within a business. At Red Crow Labs we have built a "machine" for our main service offering: Hardware Analysis. Red Crow Labs have developed a standardized, repeatable, and in-depth process to

I created this about 8 years ago to help my clients think about resource allocation and prioritization. It could use some updates but I think it's still relevant and useful so I decided to share it. Ray Dalio, the founder of Bridgewater Associates and someone whose ideas I find useful,

This post provides a detailed analysis of TikTok on android and many of the steps and techniques that were used to examine the application. The goal of this post is to enable users to be better informed about what apps such as these are doing on their mobile devices. First,

Trying to identify some unusually labeled SPI PINs and decided to see what ChatGPT had to say about it: Me: "I have some SPI PINs labeled as follows: This seemed very strange to me so I asked it another question: And that settles that . . . . The key takeaway is that you

I was looking back through my old talks and papers (2005-2015) and realized some of them still apply today so I've decided to make some article posts rehashing them with a few updates in some cases. This is the first one. This is from a talk I gave with a

A friend of mine and I both ordered flipperzero devices recently. His seems to have been seized by customs and mine showed up a couple of days ago so I decided to setup a basic test to try it out. DISCLAIMER: Before doing any of this stuff make sure you

One of the things we do here at Red Crow Labs while working on a hardware product analysis / reverse engineering project is conduct an RF Spectrum survey. A lot of different things and types of equipment go into this but I'll show a couple of basics here. We have a

In this post I'm going to walk you through some of the troubleshooting and rabbit holes one goes down pursing hardware hacking. I just a day removing a stubborn power supply for a piece of scientific equipment so that I could get access to the JTAG and I realized I

I have no idea what I'm doing. Truly. I never really have, and it turns out that even though this causes some stress, this is my superpower. It can be hard at times to sell this as a capability but I believe it is one of the most powerful. When

A major part of my career in security was learning how and why to communicate what I was working on. This had a major impact on my progression so I thought I would share some of what I learned here. When I was working at Los Alamos I had a

For a little while when I was younger I was angry. (I have to be a little circumspect about details in order to protect people in this post but it will be worth it when you make it to the end.) I was angry because I felt like I had

Today I'm playing with a jtagulator device on the same setup as the last article. I have it wired up to the GPIO pins on the raspi that correspond to the UART (I'm cheating a little since I figured out what the pins were last time), and I have it

I thought I'd give a little peak into Red Crow labs. We have quite a bit of gear for analyzing and reverse engineering hardware so I'll show some of it in use today. I'm using a Raspberry Pi 4 for this because its easy and because I can't show any

Something that I learned in my time as a consultant is that I didn't always understand or agree with business decisions. I had to learn how to step outside of my security engineer world and look at things from different perspectives in order to be an effective consultant. A great

In around 2007 I had this idea for a tool that could tell if a file was malware or not. Instead of using static signatures like most anti-virus at the time I would do the following: 1. Collect file format features from PE, ELF, MachO, PDF, etc. files. 2. Things

One of the hardest transitions I've ever had to make, and one I've seen several founders struggle with as well, is the move from Individual Contributor to Manager, especially to C-Suite executive. Back in 2009 / 2010 I left a well-paying, super secure job as a research scientist and founded a

I used to be one of those people who got 3-4 hours of sleep a night and worked around the clock. Part of this was necessary early in my career to bootstrap myself up to meet those who had extensive educations and lots of experience, but part of it was

Several years ago I was consulting for one of the major oil and gas companies. They had brought me in to perform response to a major incident, a breach assessment, and several penetration tests including one on their virtualization infrastructure. Once those projects were complete they asked if I could

This first post is about new start ups wanting to focus on government as a customer. I'll summarize first then add detail and story after for those who want to go that deep. I believe that to be successful as a startup with the government as a customer you have

Conversation with chatGPT trying to understand its ability to retain and re-use data as well as its understanding of its own capabilities in this area. I made some edits to shorten the length of this post and remove redundancies in order to make it more readable. ASC: "I'm wondering if