The Mephux Collection

Open Source, Security & Design.

Read this first

Counter-Strike Is Broken


This blog post is about VAC signature detection. NOTHING else. A lot of people are having panic attacks about other technical features that this does not cover. Also, Assualt Cube is used as a demonstration with VAMemory which was the memory c class used while doing CS:GO research. My reason for posting is why easy, old and simple memory modification cheats using known memory modifications DLLs are not being detected after months of use. I have not and will not reverse Warden, VAC or care about other anti-cheat technics being used in them. I simply don’t care and it’s out of scope for this post.

TL;DR The Counter-Strike [VAC] anti-cheat engine is signature based (among common other things) and people selling cheats know this. They could flood the community with so many different signatures that Valve could never keep up with detection. They need to evolve by either monitoring...

Continue reading →

Web Security Negligence and the JetButt Vulnerability


A few weeks ago my internet service provider decided to take a vacation for the day; left me up a creek without a paddle (Who? take a wild guess). I had a lot of work to complete and decided to just go buy a 4g hotspot (Verizon Ellipsis jetpack - latest firmware as of this post). I liked the idea of having a backup for future fails and it’s for the most part quick and easy to setup.


What should have been a somewhat productive day of work turned into an investigation of the device and its firmware. It didn’t take long to find some pretty hilarious problems. I decided to report the vulnerabilities to Verizon and left a very respectful time period of silence (1 month) before writing this post. Anyway, the takeaways from this post are as follows:

  • Javascript developers should understand web security.
  • Always audit a device before going to market.

There are a lot of companies and...

Continue reading →

Envdb: Ask your environment questions.

I recently released a open source project called EnvDB. Envdb allows you to deploy osquery to your assets and ask them questions in an ad-hoc fashion. Think of each osquery install as a node in a database cluster. Envdb adds the glue to make this happen with next-to-no effort.


Osquery is an open source project by Facebook. They describe their project as follows:

osquery allows you to easily ask questions about your Linux and OSX infrastructure. Whether your goal is intrusion detection, infrastructure reliability, or compliance, osquery gives you the ability to empower and ?inform a broad set of organizations within your company.

Using osquery box-by-box wasn’t working for me, but I was impressed by the amount of information I could gather from it. What was even cooler was the ability to join on other relevant information it collects just like I’m used to in sql. The idea...

Continue reading →



I want a good quality vim setup that does not depend on ruby, perl or python. Just pure old vimscript for
easy deployment to whatever box I am currently using. (i.e it will fallback gracefully)

VimStack by default is mostly setup for work in ruby, javascript, html, css, go and c. However, adding plugins to extend
it for whatever tools you need is trivial.

Vimstack comes with two color schemas: epix (gvim) and threatstack (terminal vim). Both color schemas were created by me modified from
ir_black ( The default color schema is threatstack.

The stuff I use with vim

  • ctrl + p - fuzzy file finder via ctrlp (
  • <Leader>b - ctrlp buffer search
  • <Leader>f - ctrlp function search
  • <Leader>r - ctrlp register search
  • <c-f> - search via Ack ( - brew install ack or sudo...

Continue reading →

Let’s Take Back The Certificate Authority

A free browser-driven Certificate Authority playing by our rules


Let’s get Mozilla and Google to team up on an automated Certificate Authority (CA) process and include the root certs in both browsers. Keep the process 100% free and transparent with a public listing of certs generated daily forcing regular renewal and accepting feedback and reports from the community.

In The Beginning there was ignorance.

Recently there has been a lot of nonsense about removing self-signed certificate (cert) warnings from the world’s popular browsers. Now, this is a horrible idea for many reasons and this ill-thought out solution is completely gliding over the root problem. People tend to jump on bandwagons without exploring the repercussions of such actions. There is a lot to lose and not much to gain from this. This will never fix the failures that CA’s have continued to fall into year after...

Continue reading →