Research, analysis, and findings on offensive security, mobile threats, and embedded systems.
Deep-dive on the cellebrite-payload_feb2024.tar archive — post-exploitation persistence, SSL/TLS interception via SPKI bypass, and binary analysis of the installer ELF.
How WSL + SOCKS5 (and Tor) can tunnel traffic out of an isolated endpoint — silently, without triggering any Defender Advanced Hunting logs.
→Microsoft silently patched the WSL/SOCKS5 bypass. Conditional access, web content filtering, and Tor-based evasion remain open. MSRC has not responded.
→Slide deck from the bSides Copenhagen 2023 presentation on MDE device isolation bypass techniques.
→Full technical breakdown of a live campaign: spoofed sender, base64-encoded client-side payload, live NETS card validation, and the attacker's own exposed RDP server.
→From mystery firmware to Allwinner V851S3, Tina Linux, SWUpdate and SquashFS — including a full credential scan revealing hardcoded Aliyun access keys, unauthenticated OTA interface, and plaintext PSK logging.
→Kernel tuning, entropy hardening, zRAM with zstd, and thermal monitoring — taking the Handsome UZ801 from Android-remnant to rock-solid Linux micro-server.
→Step-by-step dist-upgrade guide from Debian 12 to 13 on the 4G LTE WiFi Modem, including ADB re-enablement via USB gadget service.
→Building a pluggable standalone-modes framework on the nRF52840 — chord gesture detection, FDS persistence, AuthTrace key capture with mfkey32v2 verification, and the three runtime bugs that needed finding.
→Raw LF field capture, graphical waveform plotting, Manchester decode, and modulation detection
→Hooking into the nRF52840 NFCT peripheral to passively capture all ISO14443-A frames a reader sends — REQA, anti-collision, SELECT, AUTH, and APDU commands decoded in real time.
→From gap encoding primitives → PWM pin release bug → antenna ringing compensation → first working read. A complete firmware debugging journey on the nRF52840.
→From zero to 100. Creating a UF2 bootloader for the Chameleon Ultra, and dlashing it without JYAG
→Smartphones som mobilt kontor: risici ved BYOD, jailbreak, ukontrollerede apps og manglende sikkerhedstræning i virksomheder.
→Gennemgang af IrDA, R/F-radiokommunikation og Bluetooth — sikkerhedsrisici og anbefalinger til virksomheder.
→How I ported Metasploit to Sailfish OS — including a script automating the shrinking of the Rapid7 tarball with versioned auto-download.
→Easy-to-use Tor hidden service setup and a QML app to control Tor status — built for Sailfish OS.
→Simplified UI for wireshark (frontend for t-shark) — built for Sailfish OS.
→Interactive walkthrough of the Sailfish OS client for ChameleonUltra. BLE/USB transport, slot management, HF/LF scanning, bidirectional sniffing, and waveform analysis.
→Instruction manual for the Sailfish OS client for ChameleonUltra.
→