
👋 Hey, I'm Axel.

I'm an Offensive Security Researcher, and I like to write about: my findings, my journey learning new technologies, and my random musings on tech.

  • Jan 14, 2024

    Finding the PerfectPitch

    My apartment has a gated courtyard that you have to enter before being able to reach the front door. On the entrance to the gate is an RFID reader for a DK1-3 Key Fob that was issued to us when we moved in, and a callbox. The callbox has an LCD display, full keypad, and a few “meta” keys used to navigate through the system. When you wake up the callbox, a list of residents’ names appears (which I’m not a huge fan of…), with the option to call. Once you call a resident, it gets forwarded to their phone with two-way audio, so you can talk to each other, but more importantly, the resident can press 0 on their phone to open up the gate.

    I was chatting with a friend when the thought came up - maybe I can play the same 0 audio tone from the callbox and trick it into opening up. An interesting idea, let’s try it!


  • Jan 7, 2024

    ImperfectProjector

    A few years ago I bought a low-quality projector from Amazon to watch movies in my room. To be honest, it works pretty well, has a decent brightness, and has like five different ways you can stream video/audio to it, so I can’t complain too much.

    It does have an interesting mode of operation where it broadcasts a WiFi network you can connect to, and then start controlling the device via a web interface. So what I’m seeing is: perfect hacking target.


  • Oct 8, 2022

    UltimateUpdate

    I was on a site browsing for wedding venues in Virginia (👀), and after scrolling down a page listing venues in Vienna, my entire screen changed to one of the typical “Your {Internet Browser} is out of date. Click here to update!” messages. Curiosity got the best of me, I clicked the link, and this created a mini-investigation of some interesting malware!


  • Mar 2, 2022

    You Wouldn't Download A Car

    YWDAC is a (tiny) vulnerability and (tiny) exploit for the Trading Paints software that gives you full RCE on a victim running the software, just by poisoning their DNS.


  • May 5, 2021

    Mouse Trap

    I discovered six 0days that allow a remote attacker to get full RCE on a box with no user interaction. MouseTrap is a suite of vulnerabilities and accompanying exploits that targets the RemoteMouse application and service. As of the release date 05/06/2021, the vulnerabilities have not been patched.


  • Apr 14, 2021

    Icon Shuffle

    My friend and I were discussing how nefarious it would be to shuffle someone’s icons on their desktop…