Physical Analysis of Damaged IoT Devices – DFRWS EU 2022 Poster
This post extends the poster I've presented to DFRWS EU 2022 in Oxford with additional images of the devices that were burned and analyzed for this experiment.
Enjoy!
DHCP Relay on Vyos through Wireguard/IPSec-VTI | A tale of sufferance…
Last week I had a simple idea, upgrade a xiaomi openwrt router to a whitebox running esxi, vyos and a couple other applications.
My current homelab setup was a site-to-site using Wireguard between the openwrt router and a USG3 with DHCP relayed from the remote (openwrt) site to the main site's DCs, both sites are behind NAT (thanks to ISP routers without bridging -_- ) and thus wireguard is the best choice.
Checking vyos doc, wireguard is present, vyos has a dhcp-relay functionality. All good, should be as easy as installing vyos and configuring everything, right? Riiight? (more…)
[CVE-2018-16222 to 16225] Multiple Vulnerabilities in QBee and iSmartAlarm Products
The preface of the disclosure of CVE-2018-16225 (https://blog.francescoservida.ch/2018/09/16/cve-2018-16225-public-disclosure-qbee-camera-vulnerability/) contained a little lie: I did not find one vulnerability during the research for my master thesis, but four, three of which were still being patched by the vendor/under the 90 days disclosure timeframe given to the vendor. (more…)
[CVE-2018-16225] Public Disclosure – QBee Camera Vulnerability
During the research for my master thesis on IoT forensics: "Internet of Things: Traces, Vulnerabilities and Forensic Challenges" (more about it in the future), I found one vulnerability in the QBee Multisensor Camera (https://qbeecam.com/).
(more…)
PySpark -> Python + Spark = ❤️🐍
As i was playing around with Spark on my macbook for a school project, i decided i didn't want to use the version our professor gave us, which was a Java project, and had to be coded in Scala, language i'm not really familiar with.
I love python, really, and as i knew Spark supported python i decided to give a look at what options i had to install and run it for testing and analysis of small datasets on my macbook.
So... For my reference when i'll inevitably reinstall it and will forget the steps, and for you, who are presumably looking to install spark and use it within python, here's how i did it!
(more…)
Homelabbing with Hyper-V (Part 1) – HandsOn
It's been a while since i started playing with Hyper-V and even more since I was introduced to the virtualization world.
I started around 8 years back when i wanted to give a second try to the Linux world but without risking destroying the main partition of a production laptop while installing the system (To my past self: Use the whole disk means "The WHOLE disk"). Thanks to VirtualBox I managed to get Linux installed and get immersed in that new world. Since then i installed, reinstalled, rereinstalled etc... plenty of different distros, from Ubuntu to Kali to the forensics oriented CAINE (more…)
Apertura Alptransit – Un problema per gli studenti ticinesi… ma anche no.
Ho letto oggi il comunicato del SISA sul cambiamento degli orari dei treni in vigore dall'11.12.'16, in seguito all’apertura di alptransit.
Ho quindi scritto direttamente al SISA chiedendo chiarimenti, e riporto qui di seguito le riflessioni fatte nella mail a loro indirizzata.
(more…)
The RocketPi – A RaspberryPi powered water rocket launcher
I decided to start this blog with my last creation: a water rocket launcher powered by a RaspberryPi.
It's been a few years by now that I'm experimenting with water rockets; following tutorials from this cool Italian website and from the website of the Australian's Air Command Water Rockets i initiated myself to this really cool summer hobby.
(more…)