All Security Posts

EOShield

Distributed applications lack reliable means of verifying the trustworthiness of their users, and blockchain users have little information regarding the trustworthiness of distributed applications. EOShield was a hackathon competition entry at the 2018 EOS Global Hackathon which demonstrated the creation of a PKI-inspired distributed trust model to reduce risk on DApp ecosystems. The project was pitched as a business but is currently a side project which may see open-source release to the EOS community.

Read More...

Reverse Engineering the Amazon Dash Wand: Part 2 - Local Shenanigans

About the Project

This is the second in a series of posts outlining my efforts to reverse engineer the new Amazon Dash Wand to understand how it works and how secure it is. Rather than just do the typical security blog writeup of exploits, I wanted to share the entire process including the numerous dead ends and false leads involved in an embedded reverse engineering effort. You can find other posts in the series here.

Read More...

Reverse Engineering the Amazon Dash Wand: Part 1 - First Steps

About the Project

I recently picked up Amazon’s new Dash Wand essentially for free due to an Amazon promotion ($20 worth of Amazon credits if you purchase the $20 device). The device itself packs a pretty hefty amount of hardware for the cost. It includes a microphone, a linear image sensor for barcode reading, assorted LEDs, a nice big button, speakers, Bluetooth Low Energy and Wi-Fi. It’s all powered by (replaceable) AAA batteries, can be affixed to any magnetic surface or hung from an adhesive hook it ships with, and is remarkably compact and portable.

Read More...

RE: Dash Wand

Reverse Engineering: Dash Wand

The Amazon Dash Wand packs some pretty powerful hardware in a cheap and attractive package. The only downside is that the device is locked down to the point where it’s good for only one thing: making orders on Amazon. This project is about liberating the hardware, seeing how secure the wand really is, getting better control over my data, and learning a bit about IoT reverse-engineering.

Read More...

Hackathons vs. CTFs

One piece of advice I give to people looking to transition from computer science homework assignments to meaningful proficiency in cybersecurity is to seek out hackathons and Capture-the-Flag competitions. Sometimes the amount of information on these events can seem overwhelming, and it can be difficult for someone starting out to know which events are worthwhile and how to best make use of opportunities. After attending a number of these competitions myself, I wanted to share some of the advice I wish someone had given me.

Read More...