• CVE-2020-6861: Ledger Monero App Spend key Extraction

    CVE-2020-6861: Due to a bug in the Monero transaction signing protocol in the Ledger Monero app v1.4.2 we were able to extract master Monero spending key. The vulnerability is now fixed.

  • Wardriving Bratislava 10/2016

    TL;DR: Wardriving in Bratislava, Slovak Republic capital city, 8 months after contacting UPC about the flaw in their insecure default password generation.

  • Active WiFi deauth with Kismet for Wardriving

    TL;DR: Actively sniffing WPA2 handshakes during the wardriving with sending deauth packets.

  • Blind Java Deserialization - Part II - exploitation rev 2

    TL;DR: The practical exploitation of the blind java deserialization technique introduced in the previous blog post. Practical demonstration of the victim fingerprinting and information extraction from the system (properties, files).

  • Blind Java Deserialization Vulnerability - Commons Gadgets

    TL;DR: Exploitation of Java Deserialization vulnerability in restricted environments (firewalled system, updated Java). Technique similar to blind SQL injection enables to extract data from the target system (read files, properties, env vars).

  • UPC UBEE EVW3226 WPA2 Password Reverse Engineering, rev 3

    TL;DR: We reversed default WPA2 password generation routine for UPC UBEE EVW3226 router.
    This blog contains firmware analysis, reversing writeup, function statistical analysis and proof-of-concept password generator.

subscribe via RSS