maxammann
@maxammann.bsky.social
Security researcher and open-source enthusiast, volunteer at Digitalfabrik
Reposted by maxammann
My team at Trail of Bits is hiring! 🎉 If you enjoy building and breaking novel cryptographic protocols like threshold signature schemes and zero-knowledge proof systems please come and work with us!

apply.workable.com/trailofbits/...
Senior Security Engineer, Cryptography - Trail of Bits
Who We Are: Founded in 2012 by 3 expert hackers with no investment capital, Trail of Bits is the premier place for security experts to boldly advance security and address technology’s newest and most ch...
apply.workable.com
April 16, 2025 at 1:26 PM
LibAFL docs that I wrote during my time at Trail of Bits are released now!! Check it out to learn some best practices including tips and tricks! appsec.guide/docs/fuzzing...
LibAFL
The LibAFL fuzzer implements features from AFL-based fuzzers like AFL++. Similarly to AFL++, LibAFL provides better fuzzing performance and more advanced features over libFuzzer. However, wit...
appsec.guide
March 13, 2025 at 9:13 AM
Reposted by maxammann
It works! Beyond passkeys, I can encrypt a file in the browser with typage and WebAuthn, and then decrypt it with the same YubiKey from the CLI with age-plugin-fido2prf.

README: github.com/FiloSottile/ty…
PR: github.com/FiloSottile/ty…
WebAuthn support by FiloSottile · Pull Request #28 · FiloSottile/typage
github.com
February 23, 2025 at 11:06 AM
What's the go-to binary security check tool? Just for basic stuff like source fortification, stack canaries etc.

Is github.com/slimm609/che... the go-to tool?
GitHub - slimm609/checksec: Checksec
github.com
January 29, 2025 at 10:03 AM
Ufff, TIL Apple Secure Transport does not support TLS 1.3 :O

developer.apple.com/documentatio...
Secure Transport | Apple Developer Documentation
Secure network communication using standardized transport layer security mechanisms.
developer.apple.com
January 14, 2025 at 12:58 PM
Reposted by maxammann
Well, not anymore -- not with my patented POWER COMMENT technique!

godbolt.org/z/nEqhbhbse
January 10, 2025 at 6:34 PM
Reposted by maxammann
My new C programming book is slowly taking shape. If you want to learn along, let's start with the basics of control flow:

godbolt.org/z/3GerY3zEc

1/5
January 8, 2025 at 7:55 PM
Reposted by maxammann
Always lightens the mood.

Bonus points for Sebastian being a crab 🦀🦀🦀
Program in C
YouTube video by Kaslai
youtu.be
January 9, 2025 at 11:28 AM
Reposted by maxammann
A reminder that Telegram is not an encrypted messaging app, unless you know what you’re doing. www.404media.co/telegram-han...
Telegram Hands U.S. Authorities Data on Thousands of Users
The number of data requests fulfilled by Telegram skyrocketed, with the company providing data to U.S. authorities on 2,253 users last year.
www.404media.co
January 7, 2025 at 4:41 PM
Reposted by maxammann
Introducing... The Worst Ghosts of 2024! Enjoy the latest instalment of this end-of-year tradition on my science blog about spooky things! 👻

hayleyisaghost.co.uk/the-worst-gh... #paranormal #skepticism #scicomm #ghosts #psychology
The Worst Ghosts of 2024!
It's that time of the year once again where I present to you, the unsuspecting public, the 5 worst ghosts caught on camera which made headlines during the past year. Fear not. These apparitions are no...
hayleyisaghost.co.uk
December 31, 2024 at 6:29 PM
Reposted by maxammann
Who's gonna be at #38c3? Let's meet up 📈
December 25, 2024 at 6:16 PM
This self-built hi-res scroll wheel is amazing! The build is so polished youtu.be/FSy9G6bNuKA?...
Wireless High Resolution Scrolling is Amazing
YouTube video by Engineer Bo
youtu.be
December 25, 2024 at 10:31 PM
Meet the cryptography.church at #38c3! This is not to be confused with a crypto church!
Church of Cryptography
cryptography.church
December 25, 2024 at 5:29 PM
Stability in AFL++/LibAFL is quantified by the percentage of edges in the target that are considered “stable”. If repeatedly sending identical inputs results in the data traversing the same path through the target each time, then the stability is determined to be 100%.
December 24, 2024 at 9:18 PM
I thought I'd share some fuzzing tips.

In AFL, the filename of a crash gives rough information about where it originated. The name id:000000,sig:06,src:000002,time:286,execs:13105,op:havoc,rep:4 indicates that the crash with ID 0 caused a signal 6 in the target program...
AFL++
The AFL++ fuzzer is a fork from the AFL fuzzer. It offers better fuzzing performance and more advanced features while still being a very stable alternative to libFuzzer. A major benefit over l...
appsec.guide
December 24, 2024 at 9:16 PM
Reposted by maxammann
For now, 56 retractions recently at Science of the Total Environment and counting. For now, most of them are linked to one person, Guilherme Malafaia, who seems to have provided fake mail addresses for reviewers. Lots of questions related to the role of.. (www.science.org/content/arti...) [1/x]
December 6, 2024 at 11:51 AM
Just submitted my first small kernel patch 🎉 I have to admit the experience was both intimidating and only partially clear.

I included typos, sent the patch only to maintainers and not the mailing list and top-posted - all no-gos 😓
December 14, 2024 at 3:15 PM