Recent versions of Ubuntu [https://ubuntu.com/] are shipping with Snapcraft
[https://snapcraft.io/] by default, and some of the default applications run
inside a snap as well. Snaps are application containers, similar to Docker, but
designed for desktop applications.
Unfortunately Canonical seems to be pushing Snaps hard, and they…
This post outlines a security assessment of the new Sena Wifi Adapter I
performed last summer for fun.
With the world on lockdown due to COVID-19, I spent a lot of time last summer
escaping the city going on motorcycle rides through the mountains and forests
surrounding the bay area.…
A while ago I received a bunch of bare ESP-WROOM-02 chips on tape, but could not
find enough documentation to program them (partially out of laziness). With my
recent interest in ESPhome [https://esphome.io/], I decided to give them another
try. This blog post contains the results of my…
Sometime in the first half of 2018 there was an explosion of "Dockless
e-scooters" appearing all over the Bay Area
[https://techcrunch.com/story/the-electric-scooter-saga-in-san-francisco/].
These devices are electric scooters that anyone can rent for a one-way trip and
find/leave then (at the time) anywhere you want. As one…
This is the blog version of my DEFCON 26 talk Lost and Found Certificates:
dealing with residual certificates for pre-owned domains
[https://www.defcon.org/html/defcon-26/dc-26-speakers.html#Foster], which I
co-presented with Dylan Ayrey [https://security.love].
You can learn more about BygoneSSL and see a demo at…
Certgraph [https://github.com/lanrat/certgraph] is a tool I've been developing
to scan and graph the network of SSL certificate alternative names. It can be
used to find other domains that belong to an organization that may be several
orders removed and not always obvious.
Background
The idea for…
On most unrooted, stock, Android phones, enabling tethering
[https://support.google.com/nexus/answer/2812516?hl=en] will run a "Provisioning
Check" with your wireless provider to ensure that your data plan allows
tethering. This post documents Tethr, a way to bypass the provisioning check on
Android devices prior to…
For those of you not in the know, ambergris is defined as:
> a wax-like substance that originates as a secretion in the intestines
of the sperm whale, found floating in tropical seas and used in perfume
manufacture.
However, that will not be what this post is about (sorry to disappoint)…
A while ago I came into possession of a few HID iClass readers. After collecting
dust in my project drawer for a few months I decided to find a fun use for them,
which ended up in the project I call Badgy [https://github.com/lanrat/badgy].
Background
The back…
Last week at DerbyCon 5.0 [https://www.derbycon.com/]the CircleCityCon
[https://circlecitycon.com/] folks had a booth with a challenge, the Challenge
of Tiamat’s Eye.
> @CircleCityCon [https://twitter.com/CircleCityCon]: Can you solve the Puzzle of
Tiamat's Eye? Visit our booth at @DerbyCon [https://twitter.com/DerbyCon]…