SuperFish AdWare found inside X-Notifier browser extension code.

You probably already heard about SuperFish around the web, an adware that Lenovo pre-installed on its computers since mid-2014. The danger does not reside inside the adware itself, that basically just injects some advertisment inside user web searches, but in the fact that, in order to handle HTTPS search engines…

RuberTooth - A complete Ruby porting of the ubertooth libraries and utilities.

Today, finally my ubertooth arrived and I immediately started hacking with it. I installed its libraries and tools both on OS X and on my Linux virtual machine, and after a while I noticed a few things: The compilation process is not well documented for newer versions of OS X,…

Hackers Phishing Leakers: A new BitCoin phishing social technique.

Recently I'm playing with a simple pastebin bot, basicaly it's a crawler for the pastebin.com website that applies a few regular expressions to new pastes and saves interesting ones. Services like this are all around the internet, one example is the leakedin website where you can find potential data…

Huawei Modems Authentication Bypass

I own a couple of Huawei USB modems, a Huawei E587 and a Huawei E355, while the first one is great for high speed mobile connections due to its dual channel feature, the E355 is a good choice for a small, easy to use and connect ( cdc_ether baby! ) mobile…

Nike+ FuelBand SE BLE Protocol Reversed

During the last two weeks I had fun playing with the BLE protocol of the Nike+ FuelBand SE, a device to track daily steps, calories, time, etc. I've completely reversed its protocol and found out the following key points: The authentication system is vulnerable, anyone could connect to your device.…

How to install Metasploit on OS X Mavericks and Yosemite, an Updated Guide

Today I tried to install the Metasploit framework both on my Mavericks MacBook Pro and my Yosemite MacBook Air, unfortunately all the guides I've found seem to be quite outdated and various hacks are needed to make the actual process really work. So I decided to write an updated guide…