Why is Amazon storing my private WiFi passwords?

1 February 2021 Reading time: ~1 minute

The story is short: I am de-registering my Kindle Paperwhite from Amazon and this is what I see during the process:

I was genuinely astonished when I saw this question. So is there anybody who can enlighten me: why on earth does Amazon store my private WiFi passwords in the cloud? OK, I understand that maybe (I said: maybe) there is some genuine reason to keep all the details about what I read, how quickly, how often I turn pages and at what time I switch the backlight on or off. But storing my WiFi passwords in the cloud? How much does it "enhance" my user experience? Should I ask another question: did I allow this? (Oh my bad, it is probably somewhere on page 543 of the T&Cs.)

[The article is also published on LinkedIn]


Introduction to IoT security

6 October 2020 Reading time: ~1 minute

An overview of vulnerabilities in hardware devices (in this case, a home router) and an illustration of the hacker's/pentester's approach to security analysis and exploitation of embedded/IoT devices.


Hacking car codes - central lock security primer

6 October 2020 Reading time: ~1 minute

This video is about automotive vulnerabilities and illustrates an attack on the car key system by intercepting and decoding wireless signals.


Insecurity of Industrial Control System (ICS)

5 October 2020 Reading time: ~1 minute

A video about vulnerabilities in industrial systems and a demonstration of a simulated attack in which hackers exploit electricity distribution systems (e.g., National Grid). Note that I implemented the demo you can see in this video in software (100% virtualised). The hardware demonstrator was publicly available at several conferences, such as RSAC and BlackHat Europe.

It should be noted that the demonstrator was implemented in two versions: one entirely in software, and the other (much more interesting to play with) in hardware. Below are a few images of the ICS security demonstrator presented at different venues. People could come and try their skills in hacking the industrial system right on stage!

There is a small article about how some fellow hackers tried to solve the puzzle at BlackHat Europe in London.


Cross-site Scripting vulnerability explained

5 October 2020 Reading time: ~1 minute

A video explaining what a cross-site scripting (XSS) vulnerability is and how it can be exploited. The video was made when I was working for 7Safe.


SQL Injection vulnerability explained

5 October 2020 Reading time: ~1 minute

A video explaining what an SQL injection vulnerability is and how it can be practically exploited. The video was made when I was working for 7Safe. In this video, the viewer can learn about different types of SQL injection (error-based and blind), with step-by-step examples of the internal mechanisms of this vulnerability and how it can be exploited.