Blog

Here you can find any useful bits of info I think might be useful to share, and a few rants about how to do security (and other things) properly.

Latest Post

Jul 1, 2022

I Did Some Classic Router Hacking and Found Some Weird Stuff

A friend of mine got a new router/modem for his Verizon 5G home internet, and he noticed the installation tech visiting a hidden UI that wasn’t available to him. Naturally, we both thought that was unacceptable and set about hacking the router so we could see what secrets it held. We discovered something interesting: the single box contained two separate Linux systems, running a Frankenstein combination of OpenWRT and Android and communicating across a hidden virtual Ethernet link. We also got some CVEs, including a backdoor password generation system and some good ol’ unauthenticated command injection.

Read more

All Posts

  • I Did Some Classic Router Hacking and Found Some Weird Stuff - Jul 1, 2022
  • Hacking Keycloak to Support TouchID/FaceID Authentication - Jan 12, 2021
  • My 2020 Reading List - Nov 27, 2020
  • eLearnSecurity Pen Test Professional (PTP) Review - Jun 30, 2020
  • Hardening OpenVPN in 2020: Extra Credit - Jun 26, 2020
  • Hardening and Configuring OpenVPN in 2020 - May 5, 2020
  • OSCP & OSCE in 2020: A Retrospective - Apr 9, 2020
  • Importing VMWare Fusion VMs on ESXi 6.5 - Mar 21, 2020
  • A Better Windows 10+WSL SSH Experience - Dec 3, 2019
  • Creating TPM-Backed Certificates on Windows - Dec 2, 2019
  • PSA: Don’t Store 2FA Codes in Password Managers - Mar 18, 2019
  • 2FA: Not All Factors Are Created Equal - Feb 28, 2019