A Quick Look at Ghidra BSim

On December 22, 2023, the Ghidra project released version 11 of the Ghidra Software Reverse Engineering platform. After reading through the Release Notes, a “major new feature” caught my eye: BSim, which promises to offer a scalable system for static software comparative analysis within Ghidra. This intersects nicely with my own graduate research at University of Cincinnati, so I decided to give it a whirl over the break.

OpenCTI Talk at Queen City Con 0x01 (2023)

On November 17-19 2023, I had the pleasure of attending as well as presenting at Queen City Con here in Downtown Cincinnati. The conference was great, and the organizing team pulled off a successful effort. As a Cincinnatian, and former organizer at BSidesCincinnati, I was gratified to see a local group pick up this effort and deliver.

OS Experiment in Rust (part 3): Graphics and the Framebuffer

UEFI provides a standard interface to the GPU hardware, which can set the video modes & allocate a framebuffer, to provide uniform (albeit rudimentary) baseline access to graphical output. Generally speaking, it’s a successor to VGA and VESA BIOS standards that were commonplace on older systems. UEFI calls this the Graphics Output Protocol. In this post, we’ll walk through the steps to add a simple framebuffer graphics interface to the UEFI loader, in a manner that will produce a module that may be reused for the kernel, in the future. As well, this installment will work through the steps of finding and setting a graphics mode using UEFI, so that it is available when the kernel gets booted.

OS Experiment in Rust (part 2): UEFI Resource Access

This is a continuation of the series on writing a simple hobby OS project in Rust. The first part of the series is here: OS Experiment in Rust (part 1): Creating a UEFI Loader. This portion of the exercise will cover some details helpful in bootstrapping the (eventual) kernel that will be written. This includes: interrogating UEFI and ACPI for initial details necessary for understanding the hardware configuration that is being booted from, as well as performing some initial framebuffer configuration to provide the booted kernel with standardized display capability immediately on boot.

OS Experiment in Rust (part 1): Creating a UEFI Loader

Long ago, in the mid-late 1990’s, I got interested in the low-level operations of my PC and was determined to write a somewhat simple hobby OS in order to teach myself how the system worked under the hood. At the time, I wrote it all in assembly on my 486, and the goal was to make something that would bootstrap to 32-bit protected mode and also interact with the core hardware components on the system: VESA, IDE, 8042 keyboard controller, the Floppy Disk Controller, etc. Recently, I became interested again in exploring this space, but “PC” hardware has come a long way - both in terms of features as well as standards. So (if I stick to it), I’ll put together a series of intermittently-written blog articles that document my experience revisiting this hobby on modern systems, targeting a minimum set of system hardware requirements that are commonplace on pretty much every PC designed in the past 5 years.

Wiimote on Linux with /dev/input

Recently, I finally got into Raspberry Pi hobbyism, with some free time I had. I had long ago purchased a copy of Matt Timmons-Brown’s “Learn Robotics With Raspberry Pi”, intending to go through it at some point with a Pi 4 kit that a good friend gifted me one year. Halfway through the book, I’ve had to adjust many of the tutorials to the fact that the newer version of Raspberry Pi OS has made some breaking changes since it was called Raspbian. A major development was that Linux has since released a native driver for the Bluetooth Nintendo controllers that works with the Linux Input subsystem as an HID. Unfortunately, the chapter in the book was written for an older python3-wiimote library that attempts to communicate via raw BT protocol, and has very limited controller support: it was not compatible with my newer Wiimotes for the Wii-U. As a result, I had to learn this standard interface, via the Python evdev package, and adapt the exercises in Chapter 4 to Linux HID and evdev.

Rust filter-map feature and Functional Programming

Another post discussing Rust today. Two of the more convenient features within Rust are the Option and the Result enum types. Writing a lot of code aggressively utilizing these in place of “bad thing happened!” values unlocks a lot of cool features in Rust. I’d like to take a moment to discuss the Result.ok() method, and also the Iterator.filter_map() method.

Rust Traits, First Crack

Back in October, as some of you might be aware, I moved out of daily ops and CTI analysis. Since then, I’ve been working on two projects that are being developed in Rust and

Update Route53 on Instance Boot

Recently, I found myself wanting to host a demonstration of OpenCTI on a single VM. As the system requirements for it are significant, and this is mostly a toy deployment, I decided to save costs (and accept lower availability) by using an AWS Spot Request to host the entire instance. I wanted to still be available from a dedicated domain name, but AWS Spot Requests will receive a new public IP when recycled, which meant having to update the associated resource record in Route53. I’ll discuss how I use the AWS CLI tool to create a systemd start-up script to update the DNS record with the correct IP address when the VM boots up.

Rapid MISP Deployment in AWS Serverless

The MISP Project is a popular cyber threat intel (CTI) database that has a very active user and development community. Among features available, one key one that has helped adoption a lot is the ease with which MISP administrators can synchronize their data set with others’ MISP deployments, as well as many other data sets served in the STIX structured interchange format standard. In an effort to adopt some more tools common in today’s CTI ecosystem, I set out to host MISP using some of the serverless features offered via AWS. It turned out to be significantly easier than I anticipated, so here is my story.