I recently ran a series of Arsenal Lab demonstrations at Black Hat Europe 2021. These demonstrations focused on providing accessible introductions to using open source tools to interact with satellite signal recordings. Several folks asked for copies of the lab handouts used in those exercise, so I thought I’d post them here for anyone interested. MPEG-TS Lab: mpeg_ts_handout.pdf GSE LAB: gse_handout.pdf
Read More...
Distributed applications lack reliable means of verifying the trustworthiness of their users and blockchain users have little information regarding the trustworthiness of distributed applications. EOShield was an hackathon competition entry at the 2018 EOS Global Hackathon which demonstrated the creation of a PKI-inspired distributed trust model to reduce risk on DApp ecosystems. The project was pitched as a business but is currently a side project which may see open-source release to the EOS community.
Read More...
About the Project This is the second in a series of posts outlining my efforts to reverse engineer the new Amazon Dash Wand to understand how it works and how secure it is. Rather than just do the typical security blog writeup of exploits, I wanted to share the entire process including the numerous dead ends and false leads involved in an embedded reverse engineering effort. You can find other posts in the series here.
Read More...
About the Project I recently picked up Amazon’s new Dash Wand essentially for free due to an Amazon promotion ($20 worth of Amazon credits if you purchase the $20 device). The device itself packs a pretty hefty amount of hardware for the cost. It includes a microphone, a linear image sensor for barcode reading, assorted LEDs, a nice big button, speakers, Bluetooth Low Energy and Wifi. It’s all powered by (replaceable) AAA batteries, can be affixed to any magnetic surface or hung from an adhesive hook it ships with, and is remarkably compact and portable.
Read More...
Reverse Engineering: Dash Wand The Amazon Dash Wand packs some pretty powerful hardware in a cheap and attractive package. The only downside is that the device is locked down to the point where it’s good for only one thing: making orders on Amazon. This project is about liberating the hardware, seeing how secure the wand really is, getting better control over my data, and learning a bit about IOT reverse-engineering.
Read More...