Cristian Cantos
@kriware.bsky.social
120 followers 180 following 150 posts
Security Analyst at Layakk
Permanent student
Kriware Security Feed: Feed of technical blogs about cybersecurity. -> Telegram Channel: https://t.me/kriwarefeed
YouTuber: kriware
RootedCON co-organizer
Are you still not part of the EXCLUSIVE hacker community that receives a DAILY TECHNICAL article about hacking?

Every day, practical and advanced knowledge delivered straight to you.

Join now! 👇
Chaining Directory Traversal & CSV Parser Abuse for RCE in Django

Combines unsanitized username path traversal with pandas CSV to_csv() quirks to overwrite wsgi.py and gain RCE.

https://jineeshak.github.io/posts/Chaining-Directory-Traversal-and-CSV-Parser-Abuse-for-RCE-in-Django/

#django
Solo: A Pixel 6 Pro Story

A researcher adapts a Mali GPU integer overflow (CVE-2023-48409) to root a Pixel 6 Pro by adding memory spraying and SELinux bypasses, all from a single bug.

https://starlabs.sg/blog/2025/06-solo-a-pixel-6-pro-story-when-one-bug-is-all-you-need/

#Android
TapTrap: Invisible Animation‑Driven Tapjacking on Android

A malicious app with zero permissions uses transparent animations to hide real system prompts (e.g., camera, location, admin) and trick users into tapping them unknowingly.

https://taptrap.click/

#Tapjacking #AndroidAttack
GPUHammer: Rowhammer Attack on NVIDIA GDDR6 GPUs

GPUHammer is the first practical Rowhammer attack on GDDR6 VRAM (e.g., RTX A6000), flipping bits via CUDA and silently corrupting AI models, dropping accuracy from ~80% to under 1%.

https://gpuhammer.com/

#Rowhammer #GPUAttacks
DreamWalkers: Reflective Shellcode Loader with Clean Call Stacks

A loader that achieves believable call stacks in reflectively loaded modules by parsing PE and registering unwind data via RtlAddFunctionTable.

https://maxdcb.github.io/DreamWalkers/

#ShellcodeLoader #CallStackSpoofing
Windows Kernel Pool Internals

Explains kernel pool allocation, PoolTags, segment heap (kLFH, VS, Large), and building a no‑admin tool to enumerate tags.

https://r0keb.github.io/posts/Windows-Kernel-Pool-Internals/

#Kernel #Heap #windows
Exploiting WRMSR in Vulnerable Drivers

Detailed guide on abusing unsecured WRMSR IOCTLs to overwrite LSTAR MSR, build ROP chains bypassing SMEP/SMAP/KPTI, and gain kernel execution.

https://idafchev.github.io/blog/wrmsr/

#Kernel #windows
Hexagon Fuzz: Full-System Emulated Fuzzing of Qualcomm Basebands

SRLabs released the first open-source, emulator-based fuzzing toolchain for Qualcomm Hexagon baseband firmware.

https://www.srlabs.de/blog-post/hexagon-fuzz-full-system-emulated-fuzzing-of-qualcomm-basebands

#Baseband #Fuzzing
Rediscovered an 11-Year-Old libpng Vulnerability

A beginner in secure code review rediscovered CVE-2014-9495 by fuzzing the width * bit-depth integer overflow.

https://blog.himanshuanand.com/posts/discovered-a-libpng-vulnerability-11-years-after-it-was-patched/

#libpng #IntegerOverflow
Resurrecting a Dead Torrent Tracker and Finding 3M Peers

Revived an expired .si tracker domain, launched Opentracker on VPS, and attracted ~1.7M torrents with 3.1M unique peers in just one hour.

https://kianbradley.com/2025/06/15/resurrecting-a-dead-tracker.html

#TorrentTracker
Reliable System Call Interception

Highlights using seccomp_user_notify with BPF for low-overhead syscall interception, replacing slow ptrace; demoed via the "copycat" tool for per-syscall file redirection.

https://blog.mggross.com/intercepting-syscalls/

#Seccomp #SyscallInterceptor
VNC Honeypot Setup by James Woolley

Details setting up a VNC honeypot on Ubuntu that logs sessions, records attacker interactions, and captures payloads for monitoring.

https://ja.meswoolley.co.uk/vnc-honeypot/

#VNC #Honeypot
The Hidden JTAG in Your Qualcomm/Snapdragon Device’s USB Port

A built-in Embedded USB Debug (EUD) interface since ~2018 allows SWD/JTAG access via USB, enabling kernel/U-Boot debugging without external tools.

https://www.linaro.org/blog/hidden-jtag-qualcomm-snapdragon-usb/

#Snapdragon
Implementing Fast TCP Fingerprinting with eBPF

A Go web server uses eBPF (XDP + a kernel hash map) to capture TCP SYN options at the kernel level and fingerprint clients efficiently.

https://halb.it/posts/ebpf-fingerprinting-1/

#eBPF #TCPFingerprinting
How I Scanned all of GitHub’s “Oops Commits” for Leaked Secrets

Using GH Archive and the GitHub Events API, Truffle's tool scans zero-commit force-pushes since 2020 to find leaked secrets.

https://trufflesecurity.com/blog/guest-post-how-i-scanned-all-of-github-s-oops-commits-for-leaked-secrets

#git
Alice’s Adventures in a Differentiable Wonderland

A friendly primer on differentiable programming and neural nets, covering autodiff, CNNs, RNNs, and transformers in PyTorch and JAX.

https://arxiv.org/abs/2404.17625

#NeuralNetwork
Essential C – Stanford CS Education Library

Concise 45-page guide covering C fundamentals: types, control flow, arrays, pointers, memory, structs, functions, and compilation.

http://cslibrary.stanford.edu/101/

#c #programming
TPU Deep Dive

Google’s TPUs use large systolic arrays, scratchpad memory, XLA AoT compilation, and 3D-torus interconnects to deliver exascale AI compute with efficiency.

https://henryhmko.github.io/posts/tpu/tpu.html

#tpu #firmware
Root Shell on Yomani Credit‑Card Terminal

Reverse-engineered Worldline Yomani XR: found an exposed serial console with a root shell and bypassed tamper protections via a hardware debug port.

https://stefan-gloor.ch/yomani-hack

#terminal
FileFix – A ClickFix Alternative

A browser trick uses the file-upload dialog to open File Explorer, copies a malicious PowerShell path disguised as a document to the clipboard, and auto-executes it via the address bar.

https://mrd0x.com/filefix-clickfix-alternative/

#Phishing
Primitive Injection – Breaking the Status Quo

The project builds reliable read/write/allocate primitives that enable custom injection flows and change process-level IOCs to evade telemetry.

https://trickster0.github.io/posts/Primitive-Injection/

#injection #evasion
PicoEMP – Low-Cost DIY EMFI Tool

PicoEMP is a budget Electromagnetic Fault Injection (EMFI) device using Raspberry Pi Pico, ideal for hobbyist security research.

https://github.com/newaetech/chipshouter-picoemp

#HardwareHacking
Intercepting Traffic on Android with Mainline and Conscrypt

NVISO explains how Conscrypt updates affected HTTPS interception and how their AlwaysTrustUserCerts Magisk module now supports Android 7 through 16.

https://blog.nviso.eu/2025/06/05/intercepting-traffic-on-android-with-mainline-and-conscrypt/

#android
Fault Injection – Follow the White Rabbit

Demonstrates EMFI and voltage glitching on the ESP32-V3, modifying the flash CRC32 and chaining glitches into a Secure Boot bypass via a multi-stage fault-injection chain.

https://security.humanativaspa.it/fault-injection-follow-the-white-rabbit/

#EMFI #SecureBootBypass