1. Proxying WBXML Services

    A very typical security assessment and penetration test for Carve involves a device, multiple RF communications interfaces (cellular, WiFi, Bluetooth, ZigBee, some mutant 802.15.4 based stack, etc.) a…

  2. Shell Escapes

    If you own a consumer-grade network router then you have likely used a web browser to configure the router and set up your network. For commercial and industrial applications networking devices typica…

  3. MiTM using Golang, meet Timmy

    This post is an introduction to Timmy (Tiny evil man in the middle). There are a lot of MiTM tools used to assess software that communicates via TCP/IP. They all have a few basic ingredients, but of…

  4. Wear’s the MITM?

    Recently, we needed to man-in-the-middle TLS traffic coming from an Android Wear application. On a regular Android app, this would be an easy thing to do, but we started to run into trouble pretty qui…

  5. Securing M2M Gateways

    There are a staggering number of M2M gateways on the market. In some cases, gateways are designed and marketed for specific use-cases, such as in-vehicle connectivity and fleet management, sensor data…

  6. NFC Edge Cases and Past Transgressions

    First of all, if Fallout Boy wants to use this title for one of their songs, please contact my agent. Second, and more importantly, the Vancouver metro system was/is affected by a bug that can be expl…

  7. Patching BL/BLX instructions in ARM

    We are often looking at ARM binaries in our favorite disassembler as we work on mobile applications and "Internet of Things" devices. As we worked on this binary we discovered a particular branch inst…