All Articles
Browse all security research articles
My Experience on How RAT Communication Works
In this article, I share my experience and insights on how Remote Access Trojan (RAT) communication works. It covers how RATs establish a TLS connection over port 443, creating an evasion technique to bypass network security measures.
AMM Invariant Drift: How Fee Accumulation and Donation Attacks Break Constant-Product Assumptions
The constant-product invariant — `x * y = k` — is the mathematical backbone of every Uniswap V2-style AMM. It is elegant, deterministic, and, in pure mathematical terms, unbreakable.
Building a Forta Bot to Detect Flash Loan-Funded Governance Attacks in Real Time
This content is provided for **EDUCATIONAL** and **AUTHORIZED SECURITY TESTING** purposes only.
Defeating Self-Modifying Code in VM-Protected Binaries: A Practical Unpacking Workflow with x64dbg Scriptable Breakpoints
Commercial protectors like Themida and VMProtect do not simply compress or encrypt code — they *architecturally replace* it.
Extracting Firmware from SPI Flash Chips Using a Bus Pirate and Clip-On Probes
This content is provided for **EDUCATIONAL** and **AUTHORIZED SECURITY TESTING** purposes only.
GraphQL Alias Batching as a Rate-Limit and IDOR Bypass Primitive
GraphQL was designed to give clients power — the power to ask for exactly what they need, composed however they like, in a single round-trip. That composability is also its security paradox.
IBC Channel Security: How Unordered Channels Enable Cross-Chain Replay Attacks on Cosmos
The Inter-Blockchain Communication protocol (IBC) is one of the most sophisticated pieces of engineering in the blockchain space.
IPv6 Rogue Router Advertisements: Hijacking Windows and Linux Hosts on Dual-Stack Networks
Most security teams have a coherent IPv4 policy. Firewalls, DHCP snooping, ARP inspection — the usual suspects are configured and audited.
Mapping UART Pinouts on Mystery Boards with a Multimeter and Logic Analyzer — No Silkscreen Required
You've just received a hardware target through a bug bounty program — a compact IoT router, a smart home hub, or an industrial gateway.
The Handoff Problem: Writing Bug Reports That Survive a Triage Engineer's First 90 Seconds
This content is provided for **EDUCATIONAL** and **AUTHORIZED SECURITY TESTING** purposes only.
Threshold Signature Ceremony Attacks: How a Single Malicious Participant Biases Key Generation in FROST
MPC wallets have become the infrastructure layer of institutional crypto custody. The promise is compelling: no single key, no single point of failure.
Voltage Glitching the STM32F1 Read-Out Protection: A Step-by-Step Crowbar Attack
This content is provided for **EDUCATIONAL and AUTHORIZED SECURITY TESTING** purposes only.
HTTP Request Smuggling: Desync Attacks in 2026
This content is provided for EDUCATIONAL and AUTHORIZED SECURITY TESTING purposes only.
The Checklist Illusion: Why "Green" Isn't "Safe"
A deep dive into the reality of the Checklist Developer and why your green tick is probably a lie. Why 18 years in the trenches taught me that true security is constant, paranoid curiosity—not pipeline checkmarks.
Welcome to 0xrafasec — Where Security Gets Real
Why this security research blog exists, what you'll find here, and how to get the most out of it — from CVE breakdowns to hands-on hacking tutorials.