Get my new book with No Starch Press "From Day Zero to Zero Day: A Hands-On Guide to Vulnerability Research" here! 🚀
avatar

Spaceraccoon's Blog

InfoSec and White Hat Hacking

Escaping the Matrix: Client-Side Deanonymization Attacks on Privacy Sandbox APIs

I recently presented at the DEF CON 33 Mainstage and the 12th Crypto & Privacy Village on weaknesses in implementations of Google’s Privacy Sandbox that subverted privacy protections and enabled deanonymization attacks.

Getting a Shell on the LAU-G150-C Optical Network Terminal

Since the Link-All LAU-G150-C Optical Network Terminal isn’t documented anywhere, I thought this was a great opportunity to practice some hardware hacking…

Cybersecurity (Anti)Patterns: Frictionware

Nobody cares about the security tools you build. Here’s how to avoid getting sucked into onboarding hell with frictionware, and actually get traction.

Cybersecurity (Anti)Patterns: Busywork Generators

Many cybersecurity programmes fall into a trap of creating more and more (busy)work, eventually consuming a majority of resources and attention. In my first post in a series on cybersecurity (anti)patterns, I discuss why we end up with busywork generators and how to avoid them.

Pwning Millions of Smart Weighing Machines with API and Hardware Hacking

Why hack one device, when you can hack all of them? By reverse-engineering and finding vulnerabilities in user-machine association flows for smart weighing machines, I was able to take over millions of internet-connected health devices. Hardware and web security are two halves of modern smart device security, and learning to hack both can yield impressive and scary results.