Using UART to connect to a Chinese IP cam

This blog post has been created for completing the requirements of the SecurityTube Offensive Internet of Things course.
http://www.securitytube-training.com/online-courses/offensive-internet-of-things-exploitation/index.html
Student ID: IoTE- 766

Following my interest in going deeper on IoT – especially on hardware hacking, I grabbed a Chinese IP cam – Loftek and started checking its internals. I already had researched the web… Continue reading Using UART to connect to a Chinese IP cam

Together we’re strong

A few months ago, Luis and I had the idea to help the firefighters (true heroes) with a donation that could make their job more secure. More than 210 thousand hectares of forest burned in Portugal this year alone, so this was the right thing to do. After talking with João we thought about bringing… Continue reading Together we’re strong

Categorized as Donations

My notes on Hacking BLE – list of resources

In the last few weeks I went for a drive into the Bluetooth Low Energy (aka BLE) topic. There are many articles on the web on “how to hack BLE” and stuff like that, so this is just a compilation of the things I wrote on my notepad and my decision to share it with… Continue reading My notes on Hacking BLE – list of resources

Speaker at C-Days 2017

I was invited by AP2SI to represent them in this year's C-Days event. I talked about “Hacking for fun and profit – bounty style” and the room was packed. It was a pretty cool event, especially because I was able to join a couple of friends to trade some new ideas.

Why working in application security makes me a better man?

In the last couple of years I was blessed with a good job in application security that made my life much easier. Above all things, I now have more opportunities to help others and provide my family and friends with small things that make a lot of difference. Sometimes just being happy that day will… Continue reading Why working in application security makes me a better man?

Meter HTML5 XSS filter bypass

I was playing around with some new HTML5 features and noticed a funny one. Meter gives you a cool progress bar on-the-fly (https://developer.mozilla.org/en-US/docs/Web/HTML/Element/meter). Immediately I thought about using it to bypass some WRONG blacklist tags XSS filter and add an event to it: `<meter onmouseover="alert(1)"` You can check it on https://jsfiddle.net/btksfbbx/ Nowadays this doesn’t… Continue reading Meter HTML5 XSS filter bypass