SECURITY RESEARCH / EMBEDDED / OFFENSIVE SEC1.DK
// Windows & Endpoint Security
Forensics Android

Forensic Analysis Report: Cellebrite Payload Artifacts

Deep-dive on the cellebrite-payload_feb2024.tar archive — post-exploitation persistence, SSL/TLS interception via SPKI bypass, and binary analysis of the installer ELF.

Windows Undetected

Bypassing Defender for Endpoint Device Isolation via WSL

How WSL + SOCKS5 (and Tor) can tunnel traffic out of an isolated endpoint — silently, without triggering any Defender Advanced Hunting logs.

Partial Fix 3 Issues Open

Microsoft Fixes Device Isolation — But Issues Remain

Microsoft silently patched the WSL/SOCKS5 bypass. Conditional access, web content filtering, and Tor-based evasion remain open. MSRC has not responded.

Presentation bSides CPH

Bypassing Defender for Endpoint — bSides Copenhagen Talk (PDF)

Slide deck from the bSides Copenhagen 2023 presentation on MDE device isolation bypass techniques.

// Phishing & Email Threats
Phishing Nordea · Sep 2015

Analysis of a Phishing Email — Nordea Impersonation Campaign

Full technical breakdown of a live campaign: spoofed sender, base64-encoded client-side payload, live NETS card validation, and the attacker's own exposed RDP server.

// OpenStick / Embedded Linux
Reverse Engineering Hardcoded Creds ARM · Linux

Reverse Engineering a Wireless CarPlay Adapter

From mystery firmware to Allwinner V851S3, Tina Linux, SWUpdate and SquashFS — including a full credential scan revealing hardcoded Aliyun access keys, unauthenticated OTA interface, and plaintext PSK logging.

OpenStick ARM · Linux

MSM8916 OpenStick Performance Optimization Guide & Results

Kernel tuning, entropy hardening, zRAM with zstd, and thermal monitoring — taking the Handsome UZ801 from Android-remnant to rock-solid Linux micro-server.

OpenStick Debian 13

Updating OpenStick: Debian Bookworm → Trixie

Step-by-step dist-upgrade guide from Debian 12 to 13 on the 4G LTE WiFi Modem, including ADB re-enablement via USB gadget service.

// RFID & Hardware Hacking
nRF52840 RFID ChameleonUltra

Creating an LF data sniffer and sampler for ChameleonUltra

Raw LF field capture, graphical waveform plotting, Manchester decode, and modulation detection

nRF52840 ISO14443-A HF Sniff ChameleonUltra

HF 14A Sniff — Capturing ISO14443-A Reader Exchanges on ChameleonUltra

Hooking into the nRF52840 NFCT peripheral to passively capture all ISO14443-A frames a reader sends — REQA, anti-collision, SELECT, AUTH, and APDU commands decoded in real time.

nRF52840 RFID EM4x05 ChameleonUltra

Creating an EM4x05 Reader for ChameleonUltra

From gap encoding primitives → PWM pin release bug → antenna ringing compensation → first working read. A complete firmware debugging journey on the nRF52840.

// Mobile & Wireless Security
DK BYOD · 2015

One of the Biggest Security Threats Is in Your Pocket

Smartphones as a mobile office: the risks of BYOD, jailbreaking, uncontrolled apps, and a lack of security training in companies.

DK Archive · ~2007

Security Risks of Wireless Devices

Review of IrDA, R/F radio communication, and Bluetooth: security risks and recommendations for companies.

// SailfishOS
SailfishOS Metasploit

Metasploit for Sailfish OS

How I ported Metasploit to Sailfish OS — including a script automating the shrinking of the Rapid7 tarball with versioned auto-download.

SailfishOS Tor

Tor for Sailfish OS

Easy-to-use Tor hidden service setup and a QML app to control Tor status — built for Sailfish OS.

SailfishOS Sniffing

Wireshark UI for Sailfish OS

Simplified UI for Wireshark (frontend for tshark) — built for Sailfish OS.

SailfishOS nRF52840 RFID ChameleonUltra

harbour-chameleon-ultra — Sailfish OS App Walkthrough

Interactive walkthrough of the Sailfish OS client for ChameleonUltra. BLE/USB transport, slot management, HF/LF scanning, bidirectional sniffing, and waveform analysis.

SailfishOS nRF52840 RFID ChameleonUltra

harbour-chameleon-ultra — Sailfish OS App instructions

Instruction manual for the Sailfish OS client for ChameleonUltra.