Adobe, Amazon, Barnes & Noble — all of these companies invest heavily in protecting e‑books from copying and online distribution. Yet every time, someone finds a way to bypass or crack those protections. How does DRM work,…
Category: Security
TrueOS Review: The Desktop Edition of FreeBSD
“An inexplicably still-walking corpse” — that’s roughly how people tend to talk about FreeBSD these days. The hype around Linux and the GPL did its job, pushing what was once the most popular server OS to the…
TempleOS Demystified: Understanding the “Divine” Operating System and Avoiding Common…
Hello, my brother! Today we’re going to explore one of the most intriguing operating systems of our time. TempleOS is only 17.5 MB, compiles on the fly, includes the full text of the Bible, supports 64-bit multi-core…
How Law Enforcement Cracks Passwords: Tools and Techniques Used Against…
Hackers, fraudsters, security professionals, law enforcement, and intelligence agencies—all of them, under the right circumstances, may try to access information protected by passwords. And while the tools used by hackers and government agencies are largely the same,…
KRACK in Practice: How the Wi‑Fi WPA2 Key Reinstallation Attack…
In the fall of 2017, the world learned about a new threat to Wi‑Fi security. It affects virtually all devices and software platforms. No matter how long or complex your password is, it won’t help, because KRACK…
Bypassing Firewalls with DNS Tunneling: Testing Five Popular Tools
When a firewall has completely cut off network access but you urgently need to move data, DNS tunneling can come to the rescue. The connection will be extremely slow, but it’s enough to reach into an organization’s…
Deep Packet Inspection (DPI) Explained: How It Works and How…
Many countries are rolling out pervasive surveillance technologies to monitor their citizens and profile their behavior. Tools like deep packet inspection (DPI) restrict our freedom online. To push back effectively, it’s crucial to understand how these systems…
Social Engineering: Methods, Tools, and Best Practices for Human-Factor Security…
What’s a pentest without social engineering, right? These days, social-engineering testing is standard fare, and I’ve done it many times as part of security assessment engagements. I’ll walk you through the techniques we use and the many…
RF Signal Hacking with SDR: Capture, Replay, and Remote Device…
Imagine you’ve captured, intercepted, and decoded a device’s control signal. Now it’s time to spoof it. To do that, you need to be able to transmit arbitrary signals. Set up a radio transmitter—and you’re on your way.
How to Harden Firefox for Better Privacy and Security
Lately, Firefox has gone through some major changes—some good, some not so much: the switch to the Quantum engine, dropping XUL/XPCOM-style extensions, moving to WebExtensions, and a slew of other updates. What hasn’t changed is that you…
Pentesting mDNS and Service Discovery: Exploiting Trust Assumptions
Multicast DNS (mDNS) and DNS-Based Service Discovery (DNS-SD) are ubiquitous protocols, now enabled by default across many products—especially those built for home and small office networks. In this article, I’ll break down what a pentester needs to…
Turn Your Smartphone into a Car Instrument Cluster Using CAN…
Digital dashboards are replacing traditional analog gauges in cars. The most famous example is probably Tesla with its large touchscreen, but budget models use the same kinds of electronic modules. You can read data from them and…
Deep Dive into DoH: How DNS over HTTPS Works and…
DoH (DNS over HTTPS) promises users better security and privacy. It’s already enabled by default in Firefox, Google plans to test it in Chrome 79, and even Microsoft says it will bring it to Windows. At the…
DIY Spy Listening Device: Building an Eavesdropping Gadget
You’ve probably heard that almost anything can be turned into a spy device—even charging cables. In this article, I’ll show you how to build and program a GSM bug with Arduino that you can call from a…
Unlocking OpenVPN Access Server: Removing Connection Limits for Unlimited VPN…
Lately, friends have been asking me more and more often to help them regain access to Facebook, Instagram, Telegram, YouTube, and other sites they can’t reach anymore, where important information might still be. To help them, I’ve…
Reduce Eye Strain: How to Enable DC Dimming (PWM Reduction)…
Those eye-searing, flickering OLED displays are a thing of the past! Xiaomi claims it’s figured out how to make OLEDs without flicker—and not just on its latest flagship, but on older devices too. But how much of…
Digital Electronics from the Ground Up: Building MOSFET Transistor Circuits
Electronics and circuit design are fascinating fields. With ICs, transistors, and other digital logic components, you can design and build all kinds of gadgets right at home. After all, as the saying goes, a man should plant…
Shucking WD and Seagate External HDDs: What’s Inside the Enclosures
External hard drives are sometimes cheaper than bare drives of the same capacity. So why not just crack open the enclosure, pull the disk out, and use it on its own? Let’s take a look at what…
Border Device Searches: How to Protect Your Smartphone Data When…
We often write about abstract ways to break into and secure mobile devices, with the built-in assumption that defenses exist and the adversary is a hypothetical attacker. But what if the threat isn’t an idealized thief in…
Weapons of Mass Deception: 10 Simple Social Engineering Tactics Explained
Social engineering is usually seen as part of a targeted attack, but what happens if you run these tactics at scale? The author devised and tested ten such scenarios to see how people would respond and what…