How to install OpenWRT on QEMU
Overview A short blog on how to install and run the latest version of OpenWRT using QEMU, on a machine with Apple M1. This is similar to my previous blog post on How to build a Debian MIPS image on QEMU. This guide uses the OpenWRT ARMv8 edition, which runs nicely on a Apple M1 chip. It also covers how to install the LuCI web management interface. Download and Install Select and download the necessary files from the link below....
Exploiting a JDBC deserialization vulnerability in MFT Server by JSCAPE
Background This research project started back in July 2023, at around the same time when a critical vulnerability in a popular file-sharing software called MoveIt Transfer was disclosed. More details about that particular vulnerability can be found here and here. I was curious and looked for other similar file-sharing software with security issues. And so a few Google searches later, I found a candidate, a software for enterprises called MFT Server by JSCAPE....
Hacking Amazon's eero 6 (part 1)
This is the first in the series of hacking Amazon’s eero 6 (3rd generation) Wi-Fi device. In this post I will be focusing on device disassembly, identifying pins, brute forcing JTAG, and reading serial output. About Eero is a San Francisco-based wireless Internet company founded in 2015. It is known for making household consumer Wi-Fi products. The company was acquired by Amazon in 2019 for $97 million. Device Specification eero 6 (3rd gen 2020) device specification....
How to block .zip domains with pfSense
A short guide on how to block the entire .zip TLD using pfSense. In particular using a package called pfBlocker-NG, which can be thought of as a “PiHole” alternative. pfBlocker-NG is capable of much much more but won’t be covered in this blog. Why is .zip TLD a problem? It’s simple really, Phishing. Whether it’s abusing a HTTP URI scheme or using special unicode characters, having a .zip TLD which has always been attributed to the compression file extension is just a bad idea....
PayPal and Passkeys issues since launch
PayPal’s Help Center - Technical Support post shows how Passkeys work on its platform and how users can add new security devices, this covers both iOS and Android but also desktop systems too. It also goes into more detail on what to do when you’ve lost your device, and much more. TL;DR: As of 26th May 2023, PayPal only supports external security “Passkeys” keys (such as Yubikeys) for two-factor authentication. Passkeys on mobile devices like iOS or Android still do NOT work, even though you can register one....