An exceptionally stealthy technique to hide files and masquerade processes on Linux systems| haxrob
The venerable BPFDoor malware has once again found itself in the media spotlight. Recent variants avoid existing detections, so we will take a look at samples found in a significant telecommunications provider breach in April 2025. 💡 Recommended for prior reading: Trend Micro (2025), Sandfly Security (2022), Elastic (2022). Detection
An exploration into the archeological roots of the BPFDoor Linux malware.
Analysis of a newly discovered Linux based variant of the DPRK attributed FASTCash malware along with background information on payment switches used in financial networks.
A stealthy process stomping method compatible with UNIX-like systems with anti-forensic enhancements for Linux.
Exploring ways malware on Linux and other UNIX-like systems can disguise their process names.
Discovery and analysis of a magic packet type implant that communicates C2 traffic over the GTP-C 3GPP protocol.
A quick look into a connected toothbrush. Surprisingly this one was rather well behaved.
Notes on fuzzing with AFL when shared libraries can't resolve symbols.
Part 4 of the battery monitor series - Two methods to obtain the firmware from the hardware for analysis and modification
8th May 2024 - The following is an "archive" of the investigation done live over X / Twitter to find out what changes had been made after my exposé on a popular car battery monitor, which you can read here. At the time of the original postings, it had
Exploring a Smart Wi-Fi plug when something goes very wrong ..
Answering a friend's question on why his lightbulb app was asking for location permissions. An archive of the "live tweeting" which led to the answer ...
Part 3 of the battery monitor series - Analysing the BLE protocol in a car battery monitor to set the foundations to replace the application which tracks the user's location
Telco / mobile and IoT security. Surfing the information super highway one keystroke at a time.
A technical investigation into information uncovered in a class action lawsuit alleging that Facebook had intercepted encrypted traffic from users' devices running the Onavo Protect app in order to gain competitive insights.