Security

25 posts filed here.

Posts

  1. B-Uggs
    Security

    Title: That's uggzactly what I thought! TLDR; ugg.com orders could be enumerated from just the orderid which was an incrementing number. Any order that was not already dispatched could be cancelled,...

  2. Picking apart an IOT Camera (Bloomsky)
    Security

    A few years ago (many now as I see it was from 2014!) I got myself a pretty cool Kickstarter project called a BloomSky . It's a simple (but awesome!) device that you put on your balcony/somewhere wi...

  3. Remote jamming "detector" on the cheap
    Radio

    Recently, I've seen a number of posts on Facebook groups for South African communities about people having their car remotes jammed and the contents of their cars cleaned out while they are at petr...

  4. HackFu 2016 Writeup
    Events

    First off let me just say a big thank you to the MWR guys who put this CTF together, usually I don't partake in CTFs because the skillset required is usually out of my grasp (IANAP). To have develo...

  5. Bypassing Rolling Code Systems
    Radio

    This blog post will discuss the implementation of Codegrabbing / RollJam, just one method of attacking AM/OOK systems that implement rolling codes (such as keeloq) -- these systems are commonly fou...

  6. Hacking fixed key remotes with (only) RFCat
    Radio

    Introduction It's been absolutely ages since I've posted anything on the blog, not that I haven't been doing things, just really not many things I felt good enough to write an entry about. I got a lo...

  7. Kingphisher: Semi-automated phishing
    Security

    It has been absolutely ages since I have written a blog post - genuinely I really haven't simply been slacking off, I've just been busy! Anyway, figured it was time to do a writeup on some stuff I h...

  8. Magnetic Stripes: Part 2 (Attacking)
    Hardware Hacks

    I really should have written this after ZaCon (November last year), but I'm lazy. However I have been asked to give a brief overview of the same talk at ITWeb this year so I figure I may as well fi...

  9. Bypassing LF Entry Systems
    Radio

    It's taken a lot of motivation to start writing this, and I hope it's okay, I have a mental block that I need to write this and the second post about magstripes before moving on to some new things wi...

  10. zacon wrap-up!
    Events

    Hi Guys, I see I haven't updated this blog in ages, I'd love to say I didn't have enough time, but it was mostly just me being.. well lazy. Zacon IV was on the 27th of October ( http://www.zacon.org...

  11. Hacking fixed key remotes
    Radio

    Previously I discussed using my RTL-SDR to merely listen for analog audio signals . In this entry I'll discuss using it to decode digital signals (this example on fixed remote signals often used fo...

  12. Magnetic stripes Part 1
    Hardware Hacks

    Intro So it's been nearly a month since I last put a blog post up and I have been working on some stuff in my free time between work (been traveling to the US and took a weekend off to visit some fr...

  13. Alternate DNS Names in Certificates
    Security

    I know, it's been forever since I posted, but I do have two things I'm working on (there are drafts, but they need to be finished) - It's just the effort of actually finishing. It's on Magstripe spoof...

  14. PasteLert v2!
    Pastebin

    The Quick and dirty: New PasteLert lives at /pasteLertV2/ Downloads: » Interface -> /pasteLertV2/src/pastelertv2_Interface.zip » Cron Tasks -> /pasteLertV2/src/pastelertv2_Cron_Tasks.zip » Scraping...

  15. Joomla 2.51 Blind SQL Attack
    Security

    <responsible_disclosure> Before I discuss this, let me just say that the bug has been patched (was in 2.5.1) and at the time of writing this Joomla is already 2 increments away - 2.5.3 is currently...

  16. FireBridges, proxies that burn!
    Coding

    Overview I've always been semi interested in botnets/trojans and targeted attacks and the way they get their data in and out and how the command and control centres work. One of the things I'd usu...

  17. Pastebin DoS + PasteLert
    Pastebin

    Hey guys, I saw the pastebin guys put out a list of the IP addresses that have been attacking them for people to check if they were, I wrote a quick little script to test this at: /pastebinAttack/...

  18. PasteLert Source
    Pastebin

    Ohhi Archive for pasteLert So I finally got round to putting the source together and writing this out. We've been really busy with Blackhat training at work and so on and I'm generally just lazy. A...

  19. PasteLert! Pastebin Alerts!
    Pastebin

    ANDREW I DON'T CARE ABOUT YOUR STORIES! JUST GIVE ME THE LINK! >> /pasteLert/ Hey guys, So here is my latest project, extending from the previous pasteScraper to do something a little different with...

  20. Plot wardrives without a GPS
    Security

    So this is the only entry I have where I've built an app that won't work from day 1. "Oh why Andrew, why?" you might say, but as I shrug, this was not my fault. So a while back Samy Kamkar produced...

  21. PasteScraper (now sans config)!
    Pastebin

    So I was chatting to Chris Hadnagy and he was having a bit of an issue getting an API key for yahoo BOSS and it seemed troublesome. So I popped off a mail to yahoo to ask how I could get a key to s...

  22. VMWare User Information Leak
    Security

    Click here to search the VMWare user database! So last week some time Chris Hadnagy linked me to the following URL: http://info.vmware.com/content/opt-out which was pretty interesting last week. Ba...

  23. Pastebin Scraper
    Pastebin

    Yeah I'm really lazy, so I'm not gonna write a lot about it, basically, if you wanna use it on my site hit it up at /pasteScrape/ otherwise feel free to download it and run it yourself from this arch...

  24. Persistent XSS: more than a popup :)
    Security

    So a while ago I asked if I was allowed to play with http://www.bravadogaming.com/ and I got a positive response, I kinda looked around at their custom CMS, didn't see anything immediately available...

  25. ZaCon '09
    Security

    So we had a little security con here in .za (South Africa), www.zacon.org.za - basically an uncon styled conference : An unconference is a facilitated, participant-driven conference centered around...