WiFi Pentesting With a Pineapple NANO, OS X and BetterCap

After a few weeks of testing in the field, I’ve found the perfect configuration for WiFi pentesting using a WiFi Pineapple NANO, an OSX laptop and BetterCap.
Since different people from different forums had issues making this work ( mostly due to the difficulties of internet connection sharing between OSX and the Pineapple ) I’ve decided to share my setup today ^_^


DISCLOSURE - RCE Against Every Open Source BTS Software.

This is a repost of an analysis of mine that was originally posted on Zimperium’s blog. Basically, I’ve found that the following products are vulnerable to remote command execution, plus various other logic errors n’ stuff:

  • YateBTS <= 5.0.0
  • OpenBTS <= 4.0.0
  • OpenBTS-UMTS <= 1.0.0
  • Osmo-TRX/Osmo-BTS <= 0.1.10
  • Other products that share the same transceiver code base.


Samsung Galaxy Apps MITM Vulnerabilities

The Samsung “Galaxy Apps” application installed on every recent Samsung device, a parallel store application with both apps for Samsung smartphones and smart watches, is vulnerable to MITM attacks which could cause user information leaks, permissions dialog bypass and session hijacking.

Affected Products

Samsung Galaxy Apps <= 4.1.01-14


How the United Arab Emirates Intelligence Tried to Hire Me to Spy on Its People

Recently, we’ve been overwhelmed with news of horrors, attacks, monsters who murder the innocent in the name of a faith they don’t truly know. I’m publishing this article today to talk about other monsters, and I can guarantee these can be much worse than the ones we are now familiar with. They are the ones you don’t see coming, those you cannot conceive to be real.

Benjamin Franklin said:

Either write something worth reading or do something worth writing.

Well, I’ll do my best.

Presenting OpenBank, a Safe and Easy to Use BTC Tracker

Are you a BitCoin user who happens to have many wallets and, like me, has a hard time tracking their total balance? If your answer is yes, then you might find my latest project, OpenBank, useful!

OpenBank is a Laravel and Angular based web application that you can use to keep track of your BitCoin public keys, your total balance and so forth. All the data is collected in real time and shown to you on its web interface.

Hacking Yourself Out of the Banking System and Live Only on BitCoin [EPISODE 2]


Since my latest post about BitCoin went viral, it also got published on Quartz, The Memo and various other magazines.
Some people also asked me to keep writing about this and give them updates about my decision to ditch banks for BitCoin, so here I am :)

Unfortunately I’m still unable to fully avoid banks as I’m moving to another apartment and I need some money in my account, so at least for this month I had to get my wage sent to my main bank account, but within the next 1-2 months I’ll be able to move all of my assets to BTC.

In the meantime, here’re some clarifications about my previous post and some more insights/updates.

Hacking Yourself Out of the Banking System and Live Only on BitCoin

I’ve been interested in BitCoin since the very beginning but, until now, I considered BTC a very nice cryptographic experiment with high potential but almost no effect on real life.
A few years ago, buying BTC or selling them in order to get fiat ( “real” currency such as USD, EUR, etc ) wasn’t easy at all, but now things have changed and are much easier.
That’s why I decided to live only on BitCoin, and this is how I’m trying to do it.


Please be aware that this is still a work in progress: I’m trying the methods I’m going to show you these very same days, so do not take my word for granted. If you want to follow this path, please be sure you know what you’re doing and, most importantly, double check every single thing.

How I Defeated an Obfuscated and Anti-Tamper APK With Some Python and a Home-Made Smali Emulator.

During this Saturday afternoon I was chatting with a friend of mine ( Matteo ) and he asked for some help to fix a Python script he was working on.

He was trying to deobfuscate an APK in order to understand its obfuscation and anti-tampering (more on this later) protections, so I started working on it as well.

This was definitely way more challenging ( and fun! ) than my usual APK reversing session ( dex2jar -> jd-gui -> done ), moreover this required me to write a new tool which I find kinda cool and unique ( IMHO of course ), so I’m going to share the story in this post.

I’m going to intentionally skip a few details here and there because I do not want to cause any harm to the people who wrote that application, all the involved protection mechanisms are there to avoid piracy.

How to Build Your Own Rogue GSM BTS for Fun and Profit

Last week I’ve been visiting my friend and colleague Ziggy in Tel Aviv, who gave me something I’ve been waiting for almost a year: a brand new BladeRF x40, a low-cost USB 3.0 Software Defined Radio working in full-duplex, meaning that it can transmit and receive at the same time ( while for instance the HackRF is only half-duplex ).

In this blog post I’m going to explain how to create a portable GSM BTS which can be used either to create a private ( and vendor free! ) GSM network or for GSM active tapping/interception/hijacking … yes, with some (relatively) cheap electronic equipment you can basically build something very similar to what governments have been using for years to perform GSM interception.

I’m not writing this post to help script kiddies break the law; my point is that GSM is broken by design and it’s about time vendors do something about it, considering how much we’re paying for their services.


