https://ctrl-c.club/~voidfree/Recent content on cristianrzHugo -- gohugo.ioen© 2026 cristianrzThu, 11 Jun 2026 10:24:39 +0100https://ctrl-c.club/~voidfree/posts/active-anticheat/Thu, 11 Jun 2026 10:24:39 +0100https://ctrl-c.club/~voidfree/posts/active-anticheat/I play on a private Aion server. For those unfamiliar, Aion is an MMO from 2009 that NCSoft has largely abandoned in the West, but a community of private servers keeps it alive. The server I play on uses a third-party anticheat called Active Anticheat, a commercial product sold to private server operators by a developer in Warsaw. I got curious about what it actually does to my machine. A few evenings with Wireshark, Procmon, Ghidra, and pefile later, here’s what I found.https://ctrl-c.club/~voidfree/posts/grapheneos/Sun, 31 May 2026 00:00:00 +0000https://ctrl-c.club/~voidfree/posts/grapheneos/I was poking around the GrapheneOS infrastructure repo last week, just curious how they build things. First thing I noticed: every single server runs Arch Linux. DNS nodes, mail servers, the lot. You can verify it directly — every package list includes pacman-contrib and pacutils, which are Arch-specific and don’t exist on any other distro. The deploy-initial-vps script checks for the Arch ISO before doing anything else: ssh $remote '[[ $(grep IMAGE_ID /etc/os-release) = "IMAGE_ID=archlinux" ]]'.https://ctrl-c.club/~voidfree/posts/verified-boot/Fri, 22 May 2026 11:36:38 +0100https://ctrl-c.club/~voidfree/posts/verified-boot/Assume malware has run on your machine and obtained root. After a reboot, is it still there? For most operating systems the answer is yes. The OS itself offers no structural resistance once root is obtained — it can write to system directories, replace binaries, install kernel modules, modify boot configuration. None of this requires exploiting a vulnerability. It’s just what root can do by design. The threat we’re reasoning about throughout is specifically this: malware that has obtained root and wants to survive a reboot at the OS level.https://ctrl-c.club/~voidfree/posts/console-security/Sat, 30 Aug 2025 14:16:40 +0100https://ctrl-c.club/~voidfree/posts/console-security/Consoles have a pretty remarkable track record. The PS5 and Xbox Series X have been out for years and neither has a public jailbreak. Meanwhile on PC, kernel-level cheats, rootkits, and firmware-level malware are a constant concern that entire security teams spend careers fighting. That’s not a coincidence. Console manufacturers made a set of deliberate architectural decisions that PC security has only started seriously borrowing from in the last decade — and some of it still hasn’t landed properly.https://ctrl-c.club/~voidfree/posts/securing-your-homelab/Mon, 13 Mar 2023 00:00:00 +0000https://ctrl-c.club/~voidfree/posts/securing-your-homelab/Trying to set up my homelab and have it be reachable from the internet I had serious problems getting to where I wanted to be, although I never expected it was going to be that difficult. Being very pro-privacy pro-security my goals where: Access my services from anywhere, including my phone Create trust between server and client that doesn’t involve 3rd parties, ideally trust on first use. Assume all middle-men are compromised.https://ctrl-c.club/~voidfree/pages/cool-services/Mon, 01 Jan 0001 00:00:00 +0000https://ctrl-c.club/~voidfree/pages/cool-services/Collection of cool services made by others, usually free. Send — file sharing Hat.sh — file encryption Piped — YouTube frontend CryptPad — Cloud Office Suite PrivateBin — PasteBin alternative FreeDNS — free subdomains GitHub Pages — free static site hosting Telegram Cloud — unlimited free storage lofi atc — Lo-Fi beats with ATC sounds