UPC UBEE EVW3226 WPA2 Password Reverse Engineering, rev 3
TL;DR: We reversed the default WPA2 password generation routine for the UPC UBEE EVW3226 router. This blog contains firmware analysis, reversing writeup, function statistical analysis and proof-of-concept...
Blind Java Deserialization Vulnerability - Commons Gadgets
TL;DR: Exploitation of a Java deserialization vulnerability in restricted environments (firewalled system, updated Java). A technique similar to blind SQL injection makes it possible to extract data from the target...
Blind Java Deserialization - Part II - exploitation rev 2
TL;DR: Practical exploitation of the blind Java deserialization technique introduced in the previous blog post. Practical demonstration of victim fingerprinting and information extraction from...
Active WiFi deauth with Kismet for Wardriving
TL;DR: Actively sniffing WPA2 handshakes during wardriving by sending deauth packets. Kismet active deauth: During our wardriving experiments we were flirting with an idea of active wardriving to...
Wardriving Bratislava 10/2016
TL;DR: Wardriving in Bratislava, the capital city of the Slovak Republic, 8 months after contacting UPC about the flaw in their insecure default password generation. Intro: In the previous article, UPC UBEE...
CVE-2020-6861: Ledger Monero App Spend key Extraction
CVE-2020-6861: Due to a bug in the Monero transaction signing protocol in the Ledger Monero app v1.4.2, we were able to extract the master Monero spending key. The vulnerability is now fixed. Intro: Monero is...