Sébastien Dudek 📡

Founder of @Penthertz. Networks and computer security engineer in #Wireless systems, #SDR, #Mobile, #CarHacking and #IoT
From UV light to CPU register tracing: 8 years of tackling STM32 readout protection, quickly summarized.
The latest? STM32-TraceRip achieves 100% flash recovery on STM32G0: no glitching, no decapping, just reading processor state during normal execution.
Full state of the art on our community:
👇
https://community.penthertz.com/t/breaking-stm32-readout-protection-from-uv-light-to-cpu-state-tracing/27
Think your guest Wi-Fi is isolated from your main network? Think again.
AirSnitch (NDSS'26) breaks client isolation on every router tested: from home APs to enterprise WPA2/3-Enterprise. Full MitM in seconds, sometimes leaking WPA2 traffic in plaintext.
Technique breakdown & tool usage: 🔗 https://community.penthertz.com/t/airsnitch-breaking-wi-fi-client-isolation-technique-index-tool-usage-defenses/21
AirSnitch: Breaking Wi-Fi Client Isolation: Technique Index, Tool Usage & Defenses

This morning I came across another interesting paper submitted at the NDSS Symposium 2026 like the BLERP paper already documented in this forum, but this time challenging the Wi-Fi client isolation that gives us the impression of security. But guess what? Client isolation is not a properly standardized feature of the IEEE 802.11 standards… So “does client isolation protect clients from attacking each other on Wi-Fi networks as intended, across different implementations?” - this is the question ...

Penthertz Community
🔌 Want to teach kids electronics basics without buying hardware first? (always safer for the hardware too... -_-') Check out this 3D hardware simulator right in your browser: https://community.penthertz.com/t/3d-hardware-simulation-tool-on-you-browser-with-leds-only-for-now/14
Drop components on a protoboard, write Arduino code, and watch LEDs blink. No soldering iron needed 😄
Parts list is still limited but the project looks super promising!
3D hardware simulation tool on you browser (with leds only for now)

People are a little afraid Arduino would be a dead end project since it was purchased by Qualcomm it seems (your code belongs to them, no reverse engineering allowed, data collection, etc.). So basically they would probably be bitten by ESP if it is not already the case. But if you’d like to simulate some Arduino projects, or just simple LEDs blinking before Xmas, I just discovered a new project thanks to @nono2357's post on X which allows you to simulate an Arduino project without the hardware…...

Something new in our community and that deserves more attention: Breakdown of BLERP, the BLE re-pairing attacks by Daniele Antonioli & Sacchetti (NDSS 2026). TL;DR: the BLE standard doesn't authenticate re-pairing.
Paper + PoC indexed there:
https://community.penthertz.com/t/blerp-ble-re-pairing-attacks-and-defenses/17
BLERP: BLE Re-Pairing Attacks and Defenses

Introduction Last week Daniele Antonioli posted an interesting paper and tooling (two nRF52840 boards, custom NimBLE btshell + Scapy-based Python Host for the double-channel MitM) that he did with Tommaso Sacchetti on BLE Re-pairing attacks which probably deserves more attention than it got. This work was presented after 1.5 years of research at Network and Distributed System Security (NDSS) Symposium 2026, and could actually answer some people’s questions → How secure is the re-pairing process i...

🔓 Great discussion on our community around CVE-2026-0714: TPM-sniffing LUKS keys on an embedded device via SPI bus. First documented attack using TPM2_NV_Read instead of Unseal. Join the thread 👇
https://community.penthertz.com/t/cve-2026-0714-tpm-sniffing-luks-keys-on-an-embedded-device/12
[CVE-2026-0714] TPM-sniffing LUKS Keys on an Embedded Device

Interesting blog post following the problem found on BitLocker but this time on a Linux device using the TPM: [CVE-2026-0714] TPM-sniffing LUKS Keys on an Embedded Device Here is a good example that, like Windows systems (link 1, link2, link3), Linux devices using TPM can also be vulnerable to TPM sniffing attacks through SPI (No way!): (source: [CVE-2026-0714] TPM-sniffing LUKS Keys on an Embedded Device ) Compared to Windows BitLocker that uses command 0x00000158 for TPM2_Unseal, LUKS on ...

A neat tool for PCB reverse engineering & troubleshooting: PCB Tracer! (Draw pins, power lines, components over high-res photos - plus an AI mode to auto-detect components) Also listed some open-source alternatives 👇
https://community.penthertz.com/t/pcb-tracer-for-reverse-engineering-and-troubleshooting-repair/15
PCB Tracer for reverse engineering and Troubleshooting & Repair

Something to try on: https://pcbtracer.com/ It is possible to draw the pins, power, components over a high quality picture, but there is also an AI function that could be interesting to find components automatically. Here is a nice YT channel to learn to use this tool: https://www.youtube.com/watch?v=fBzjK3RsrAw&list=PL9pyFBJOY-8z-iKa6T6HZMkzY2j7JyZj3&index=1 I’m putting that aside for this week 🙂 If someone has some feedback, let us know here!


POV: you demo a vulnerability on stage in 2019, release a full exploitation tool (V2GInjector), present it at conferences and then get silent for some years...

...and in 2025 it finally gets a CVE because someone else reported it to CISA 💀

At least they credited us. Thanks CISA 🤝

CVE-2025-12357 — SLAC MitM on ISO 15118-2 EV charging. CVSS 8.3.
AKA "the HPGP standard is broken by design, we told you so."
https://www.cve.org/CVERecord?id=CVE-2025-12357

🚀 RF Swift images v0.1.3 out! Updated Ghidra, ImHex, RF tools + new libhydrasdr v1.1.0 for HydraSDR RFOne and our special SDR++ package & more! https://rfswift.io
🦭 RF Swift now supports #Podman! Run your RF security lab rootless/rootful & daemonless. Auto-detects Docker or Podman at runtime. v1.0.0 "Skywave" 📡🔓
https://rfswift.io/
📖 Annnnd new docs! rfswift realtime command explained
Speed-up your I/O streams and kill #SDR buffer underruns ⚡
🔗 rfswift.io/docs/commands/realtime/