Home

Denial of Pleasure

Attacking unusual targets with a Flipper Zero

Posted on November 13, 2023

You might have heard about the recent “Apple BLE pair spoofing attack” which, thanks to an application developed for Flipper Zero, allows anyone to send pairing signals to iOS devices, creating annoying notifications. This method utilizes advertisement packets from various iOS pairing-capable devices, which, when broadcasted, are received by all... [Read More]
Tags:
- hacking
- ble
- bluetooth
- flipperzero
Using silent SMS to localize LTE users

Proof of concept implementation

Posted on September 21, 2023

In this blog post, I’ll dive into an intriguing technique – using silent SMS messages to track LTE users’ locations. We’ll see how an attacker could send silent SMS messages with a defined pattern and analyze LTE traffic to verify the victim location. The following tools collectively form the arsenal... [Read More]
Tags:
- telco
- SDR
- USRP
- LTEsniffer
- silent
- SMS
Route to RCE - Dissecting a cheap WiFi repeater

Hardware and firmware analysis of a vulnerable device

Posted on April 13, 2023

A few years ago I got an old WiFi repeater from a friend. I did not have any use for it at the time and I ended up chucking it into a corner of my house. A few days ago when I decided to study it a bit and unsurprisingly... [Read More]
Tags:
- hacking
- RCE
- wifi
- repeater
- hardware
- firmware
- ghidra
MojoBox - yet another not so smartlock

Posted on March 15, 2023

Note: This blogpost was originally posted on whid.ninja by Luca and me. Reposting here to add it to my portfolio. [Read More]
Tags:
- hacking
- ble
- bluetooth
- physec
- appsec

Denial of Pleasure

Attacking unusual targets with a Flipper Zero

Using silent SMS to localize LTE users

Proof of concept implementation

Route to RCE - Dissecting a cheap WiFi repeater

Hardware and firmware analysis of a vulnerable device

MojoBox - yet another not so smartlock