https://vaylobat.github.io// 2026-05-06T00:43:11+01:00 vaylo.bat https://vaylobat.github.io// Jekyll © 2026 vaylo.bat /assets/img/favicons/favicon.ico /assets/img/favicons/favicon-96x96.png 2026-03-19T10:00:00+01:00 2026-03-20T18:15:50+01:00 https://vaylobat.github.io//posts/hitv-mod-analysis-part2/ vaylo.bat

🛡️ Legal Disclaimer This research is intended for educational purposes and security awareness only. The information provided is the result of reverse engineering analysis to uncover latent threats in modified applications. The author assumes no responsibility for the misuse of this information in any illegal activity. Remember: “Privacy is a right, but protection is your personal responsibi...

2026-03-17T20:00:00+01:00 2026-03-18T23:28:39+01:00 https://vaylobat.github.io//posts/hitv-mod-analysis-part1/ vaylo.bat

⚖️ Disclaimer This research is provided for educational, security, and awareness purposes only. All analysis procedures were conducted within a strictly isolated virtual environment (Sandbox). The researcher is not responsible for any illicit use of the information contained herein. The primary goal is to alert users to the inherent risks of downloading modified applications (Modded APKs) from ...

2026-02-19T15:57:57+01:00 2026-02-19T16:57:58+01:00 https://vaylobat.github.io//posts/thm-pwn101/ vaylo.bat

THM - Pwn101 Writeup Target: pwn101 | OS: Arch Linux 0x01: Initial Recon Started with a quick checksec to see what I’m dealing with. The binary is x86-64 and most protections are stripped or disabled. NX is ON: So no shellcode on the stack. Canary is OFF: This is the green light for a Buffer Overflow. No PIE: Memory addresses are static, which makes things way easier. 0x02: Looking un...

2026-02-12T10:00:00+01:00 2026-02-12T22:59:27+01:00 https://vaylobat.github.io//posts/embedded-insecurity-zte-modem/ vaylo.bat

0x01: Introduction In the world of cybersecurity, legacy hardware is often a goldmine of vulnerabilities. This research focuses on the ZTE 3G/4G Modem, a ubiquitous device that often flies under the radar. My goal is to deconstruct its attack surface, analyze its legacy services, and eventually achieve a foothold in its firmware. The operating environment for this analysis is Arch Linux, chose...

2026-02-11T12:00:00+01:00 2026-02-17T09:09:56+01:00 https://vaylobat.github.io//posts/pascalctf2026-malta-nightlife/ vaylo.bat

This was a classic bank-breaking challenge. You start with 100€, but the flag “drink” costs a billion. Obviously, we aren’t going to earn that much legitimately. The Logic Checking the binary in Ghidra, I saw that: The flag is loaded into the description of the 10th drink (index 9) at startup. To see that description, you actually have to buy the drink. Price: 1,000,000,000€. My wallet:...