AF Letter #2
CVE Close Call, Frida on Autopilot, and emerging Android threats
What I’ve Been Up To…
Personal Projects
Paused work on some stuff and started new mobile sec + AI related stuff. Might have something cool to share by next week.
Fitness
Last week I explained how I’ve started experimenting to find my simple habits for getting and staying in shape. This week I decided I’m actually getting back to the gym (as opposed to only doing home workouts + outdoor cardio).
The reasoning is:
I need something better than sitting on my ass eating and watching YouTube to get my mind off of work during lunch break.
I’ll get results faster.
I think 5x per week should be doable because a couple of months ago, before I cancelled my gym subscription, I was already going most weekdays at 6:30am and was really enjoying it. The only thing I disliked was having to go to bed super early, so for this try I’m not doing that.
Security & AI
The CVE Program was Almost Gutted
Earlier this week the cybersecurity community entered a panic when it was announced that old Uncle Sam was cutting funding for MITRE to operate the Common Vulnerabilities and Exposures (CVE) Program, which would have caused it to essentially stop running as of this past Wednesday due to the expiration of the existing contract. Fortunately, Uncle Sam u-turned at the last minute and extended the funding for 11 more months.
It’s unclear what will happen after the 11 months are over, but the scare caused several CVE alternative initiatives to jumpstart and MITRE to create a “CVE Foundation” non-profit to remove the single point of failure and stop relying solely on the US government.
I’m not arguing that the whole situation was “good”, but it seems overall it ended at a net positive and we’ll be more prepared for whatever happens in the future.
Frida-MCP
Last week I mentioned that people had created MCP servers for Ghidra and Jadx, but as it turns out, someone has also already created a frida-mcp.
For those unfamiliar, Frida is a dynamic instrumentation toolkit that essentially allows you to override the code of an app while it is running. It’s generally used by security researchers to modify app behavior, usually in order to attempt to bypass app protections.
The way researchers generally use Frida is by writing custom JavaScript scripts that tell Frida which functions to override and in what way. Now not only can researchers get AI to write these scripts, but they can also get the AI to figure out which scripts need to be written in the first place based on simple prompts such as “bypass the login screen”.
Trojanized WhatsApp Pre-installed on Cheap Phones
Dr.Web reports that several budget Android phones made in China ship with a pre‑installed, Trojanized version of WhatsApp that operates as a clipper: whenever a user copies a cryptocurrency address, the malware swaps it for an attacker‑controlled address, redirecting any funds sent.
AI That ‘Sees’ Malware: Turning Code into Images
A new study converted the bytecode from the classes.dex files in Android malware samples from Androzoo and Drebin into images, trained three different transfer learning models on them, and achieved 97.24% detection accuracy with one of them.
Traditional malware detection revolves around building YARA (or similar) rules for new variants of known malware families. This seems like a much more scalable approach that could be combined with traditional ones for maximum effectiveness.
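To make the “bytecode to image” step concrete, here is an added example (my own code, not from the study or the newsletter) that turns the raw bytes of a classes.dex file into a grayscale pixel grid: one byte becomes one pixel, rows are cut at a width chosen from the file size, and the grid is nearest-neighbour resized to the fixed square input a transfer-learning model expects. The width table follows the common Nataraj-style convention and the 224×224 target is an assumption; the study may have used different values. The DEX header check only looks at the magic bytes, which is an assumption about what counts as a valid input, not a full parser.

```python
"""Added example: preprocessing Android classes.dex bytes into a grayscale image
for image-based malware classifiers. Pure standard library so it runs anywhere;
a real pipeline would hand the resized grid to numpy / a CNN framework."""
from typing import List, Optional

# Width-by-file-size table (assumption: Nataraj et al.-style convention).
_WIDTH_TABLE = [
    (10 * 1024, 32),
    (30 * 1024, 64),
    (60 * 1024, 128),
    (100 * 1024, 256),
    (200 * 1024, 384),
    (500 * 1024, 512),
    (1000 * 1024, 768),
]


def is_dex(data: bytes) -> bool:
    """Cheap sanity check on the DEX magic: b'dex\\n' + 3-digit version + NUL."""
    return len(data) >= 8 and data[:4] == b"dex\n" and data[7:8] == b"\x00"


def choose_width(size: int) -> int:
    """Pick the row width from the file size so images of similar files look alike."""
    for bound, width in _WIDTH_TABLE:
        if size < bound:
            return width
    return 1024


def bytes_to_grayscale(data: bytes, width: Optional[int] = None, pad: int = 0) -> List[List[int]]:
    """Map every byte to one 0-255 pixel, cut into rows of `width`, pad the last row."""
    if not data:
        raise ValueError("empty input")
    if width is None:
        width = choose_width(len(data))
    rows = [list(data[i:i + width]) for i in range(0, len(data), width)]
    rows[-1].extend([pad] * (width - len(rows[-1])))
    return rows


def resize_nearest(rows: List[List[int]], out_h: int, out_w: int) -> List[List[int]]:
    """Nearest-neighbour resize to the fixed input size a pretrained CNN expects."""
    in_h, in_w = len(rows), len(rows[0])
    return [
        [rows[y * in_h // out_h][x * in_w // out_w] for x in range(out_w)]
        for y in range(out_h)
    ]


def dex_to_model_input(data: bytes, side: int = 224) -> List[List[int]]:
    """Full step: validate magic, rasterize, resize to side x side (224 is an assumption)."""
    if not is_dex(data):
        raise ValueError("not a DEX file (bad magic)")
    return resize_nearest(bytes_to_grayscale(data), side, side)


def write_pgm(rows: List[List[int]], path: str) -> None:
    """Dump as binary PGM (P5) so any image viewer or PIL can open it without extra deps."""
    height, width = len(rows), len(rows[0])
    with open(path, "wb") as f:
        f.write(f"P5\n{width} {height}\n255\n".encode("ascii"))
        for r in rows:
            f.write(bytes(r))


if __name__ == "__main__":
    # Constructed sample: a fake DEX header followed by a repeating byte pattern.
    # It is NOT a real APK payload; it only exercises the pipeline.
    sample = b"dex\n035\x00" + bytes(range(256)) * 40
    grid = dex_to_model_input(sample)
    print(f"{len(sample)} bytes -> width {choose_width(len(sample))} -> {len(grid)}x{len(grid[0])}")
    write_pgm(bytes_to_grayscale(sample), "sample_dex.pgm")
```

The interesting defensive property is that the image is a fixed-size function of the raw bytes: a repacked variant that keeps most of its code produces a visually similar texture, which is what lets a pretrained vision model generalize across a family without a hand-written signature. The same property is also the limitation: a few bytes of change flip individual pixels, so this is a complement to YARA-style rules rather than a replacement.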
SuperCard X Malware

A new scam in Italy uses SuperCard X malware on Android phones to steal card data via NFC when victims tap their cards, enabling instant theft.
Thanks for Reading
That’s all for this week. If you found this useful please make sure to subscribe and share.
See you next week.