Security – Skinny Research and Development

Zero-Day Research: CVE-2023-48024 and CVE-2023-48025

Striking a harmonious balance between high-level abstraction and low-level hardware control, the C programming language proves to be efficient for resource-constrained embedded systems. C programs can be finely tuned to optimize memory usage and execution speed, a critical consideration in embedded applications where resources are at a premium. Despite the many benefits of the C …

Zero-Day Research: CVE-2023-48024 and CVE-2023-48025 Read More »

Anatomy of a Malicious GPS Tracker

This is the kind of stuff I love. Recently I was given a GPS tracker from an individual. This tracker had been embedded in a victim’s car for 6 years. The following video examines the tracker’s components and method of install. Below the video you’ll find some close-up photos of the device. GPS Tracker Photos …

Anatomy of a Malicious GPS Tracker Read More »

Auto Answer: Feature or Vulnerability

Auto Answer is a feature in many VoIP phones that allows the phone to go off-hook the very instant a call is received by the instrument. In this video we’ll look at how this feature is setup and talk about the security vulnerabilities. NIST Report: Link Video Conferencing Auto Answer: Link 1 Link 2 Link 3

How to Listen to VoIP Conversations with Wireshark without Capturing the Call Setup

Sometime when performing a packet capture, you may come across some VoIP conversations. If the initial call setup is not in this capture, subsequent voice packets will be labeled in such a way that it makes it difficult to decode the VoIP conversation. What follows is a tutorial to get around this problem.

Monumental Security Practices

Every time I take someone sight seeing in DC, I can’t un-see them. I should be alright with CCTV cameras hanging off of structures. I’m a security professional. We eat vulnerabilities for breakfast and birth countermeasures at dinner. This, however is different. Let me demonstrate my frustration. First, take the lovely Abraham Lincoln Memorial. Be …

Monumental Security Practices Read More »

Skinny Secure 002: Hackers vs Hackers, Airplanes vs Thumb-drives, & Students vs Teachers

Microsoft Hacked, Hackers Rejoice, Hackers Hacked Yesterday the Syrian Electronic Army (SEA) hacked several Microsoft Twitter accounts. The SEA is a contingent of hackers that are supportive of Syrian President Bashar al-Assad. After immediately taking credit for the attack and bragging all over the internet, they are today nursing a small wound of having their …

Skinny Secure 002: Hackers vs Hackers, Airplanes vs Thumb-drives, & Students vs Teachers Read More »

Skinny Secure 001: Monthly Technical Security Update

Every month I will be endeavoring to bring you little security snippets that may be of interest to all the techs out there. This last month has been an interesting one. Below you’ll find the Chinese agricultural espionage, billionaire security, systems, and a how to for getting the NSA’s undivided attention. General Interest -Most burglaries …

Skinny Secure 001: Monthly Technical Security Update Read More »

Grad Students Find Undocumented Functions in SCADA Protocol

Industrial Control Systems (ICS) have been an area of security concern for the past decade and was dramatically highlighted in the media with the whole Iran nuclear enrichment fiasco. When someone screws with your computer or smart-phone with a virus, it’s quite an inconvenience, but when someone starts taking out your power or shutting down …

Grad Students Find Undocumented Functions in SCADA Protocol Read More »