In Czechia, any unauthorized access to anything that can be defined as a “computer system” is a criminal offense. You can go to jail for that even if your access was totally unintentional. Yes, there are some crazy guys who do not care at all but I try to be clean for various reasons.
Continue reading “Alcohol-free Gasoline”Phone pheraking isn’t dead!
Among using obsolete EM4100 RFIDs and weakly implemented access control systems, my alma mater has another thing that I have tried to be quiet about for almost two years now – analog intercoms.
Continue reading “Phone pheraking isn’t dead!”Whitepaper: Crash course to vulnerabilities of physical locks for IT Security professionals
I wrote this short whitepaper as project for the course “Advanced Topics in Information Security Technologies” to raise awareness about physical security. It is called “Selecting locks for securing high-security premises” to match the assignment. However the intended outcome is more ambitious. So make sure to read the appendix, because locks is just a very small part of it all. Happy reading and Merry Christmas 🙂
Continue reading “Whitepaper: Crash course to vulnerabilities of physical locks for IT Security professionals”The physical hack I have always wanted to try
At the university, we did go through physical hardware attacks, like USB keyloggers or getting data from frozen memory sticks and cryptographic keys from smartcards. But as I am finishing my master’s in cybersecurity management, I realized that something has been missing – the actual means of “getting physical.”
Continue reading “The physical hack I have always wanted to try”Triggering microwave REX
This video was recorded for the sole purpose of having some reference in my bachelor thesis that such an attack can be done. It is one of many strikingly apparent physical attacks for which I could not find any example online. On the other hand, more popular PIR REXes have tons of videos.
Continue reading “Triggering microwave REX”Love and Phishing
I made my first (not indicating that there were any others!) crime in 2009 when I was 14 years old. Well, the criminality of phishing was controversial at the time but it’s 2020 now and we are well beyond it’s possible limitation period so I can talk about it freely:
Continue reading “Love and Phishing”Challenges of Securing a Custom Embedded System
After many years of “hobbying” in the security field, I learned that people tend to ignore the possibilities a potential adversary may have. I have had much fun but never wrote about it. And that is a shame. Some of my stories are almost ten years old, and I will certainly come back to them, but now I need to self-reference myself for my bachelor thesis on more relevant issues, so let’s start with that!
Continue reading “Challenges of Securing a Custom Embedded System”